After self-hosting my email for twenty-three years I have thrown in the towel.

The oligopoly has won.

Many companies have been trying to disrupt email by making it proprietary.

Many companies have been trying to disrupt email by making it proprietary. So far, they have failed. Email keeps being an open protocol. Hurray?

No hurray. Email is not distributed anymore. You just cannot create another first-class node of this network.

Email is now an oligopoly, a service gatekept by a few big companies which does not follow the principles of net neutrality.

I have been self-hosting my email since I got my first broadband connection at home in 1999. I absolutely loved having a personal web+email server at home, paid extra for a static IP and a real router so people could connect from the outside. I felt like a first-class citizen of the Internet and I learned so much.

Over time I realized that residential IP blocks were banned on most servers. I moved my email server to a VPS. No luck. I quickly understood that self-hosting email was a lost cause. Nevertheless, I have been fighting back out of pure spite, obstinacy, and activism. In other words, because it was the right thing to do.

But my emails are just not delivered anymore. I might as well not have an email server.

https://cfenollosa.com/blog/after-self-hosting-my-email-for-twenty-three-years-i-have-thrown-in-the-towel-the-oligopoly-has-won.html

#email
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

E-Mail Done My Way, Part 0 - The journey

Warning. This whole series is not a simple HOWTO. This series is about how I run my mail server. I go through the configuration, line by line and explain. It’s not going to be a simple Copy/Paste to run your own mail server. You have been warned.

This will be at least a three part series. Maybe more. We will see.

E-Mail, while being one of the oldest services on the internet, is a complex beast to tame. You have to be careful at every step of setting it up. Failure can cost you dearly. Open relays, blacklists, Denial of Service. There be dragons. These are the building blocks I use and will explain:

https://jan.wildeboer.net/2022/08/Email-0-The-Journey-2022/

💡 Read as well:
After self-hosting my email for twenty-three years I have thrown in the towel
https://t.iss.one/BlackBox_Archiv/3017

#email
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

The entire Irish healthcare system was impacted by ransomware, restoration took months even with decryption key, required the army being called in (!)...

...and they put the entire major incident report public, all 157 pages:
https://www.hse.ie/eng/services/publications/conti-cyber-attack-on-the-hse-full-report.pdf

#irland #ransomware #pdf
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

TikTok Data Breach

This is your forewarning. #TikTok has reportedly suffered a #data #breach, and if true there may be fallout from it in the coming days. We recommend you change your TikTok #password and enable Two-Factor Authentication, if you have not done so already.

https://nitter.pussthecat.org/BeeHiveCyberSec/status/1566340883959746562

https://gist.github.com/troyhunt/d238ded80353cce53bea4545545ed172

💡read as well (German)
https://tarnkappe.info/artikel/hacking/bluehornet-sicherheitsforscher-hackt-tiktok-255255.html

#TikTok #breach
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

NHS 111 software outage confirmed as cyber-attack

The problems are reported to have impacted referrals from the NHS 111 helpline to out-of-hours GPs.

A software outage affecting the NHS 111 service was caused by a cyber-attack, it has been confirmed.

Advanced, a firm providing digital services for NHS 111, said the attack was spotted at 07:00 BST on Thursday.

The attack targeted the system used to refer patients for care, including ambulances being dispatched, out-of-hours appointment bookings and emergency prescriptions.

But the NHS said disruption was minimal.

The National Crime Agency said it was "aware of a cyber incident" and was working with Advanced.

"A security issue was identified yesterday, which resulted in loss of service," said Advanced boss Simon Short.

"We can confirm that the incident is related to a cyber-attack and as a precaution, we immediately isolated all our health and care environments."

He said the issue had been contained "to a small number of servers".

Advanced has indicated the issue might not be fully resolved until next week.

https://www.bbc.co.uk/news/uk-wales-62442127

#cyberattack #advanced #nhs #uk
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Check out what online companies know about you

https://clario.co/blog/which-company-uses-most-data/

#bigdata #DeleteFacebook #DeleteMeta
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Legitimate SaaS Platforms Being Used to Host Phishing Attacks

Executive Summary

Instead of creating phishing pages from scratch, more and more cybercriminals are now abusing legitimate software-as-a-service (SaaS) platforms, including various website builders or form builders, to host their phishing pages. Since these URLs are hosted on legitimate domains, they can be especially difficult for many phishing detection engines to detect. Furthermore, these platforms typically require little to no coding experience, significantly lowering the barrier to entry for creating and launching phishing attacks.

From the beginning of 2020 to June 2022, Palo Alto Networks analyzed the URLs detected by our Advanced URL Filtering service, and discovered that the number of phishing URLs hosted on legitimate SaaS platforms has continued to increase at an alarming rate. In fact, from June 2021-June 2022, the rate of newly detected phishing URLs hosted on legitimate SaaS platforms has increased over 1100%.

The Palo Alto Networks Advanced URL Filtering uses deep learning to analyze the content of each webpage at the URL level instead of the domain level. Customers with an Advanced URL Filtering subscription therefore receive protections from these platform-abuse phishing attacks.

Table of Contents

- Introduction to Platform-Abuse Phishing Attacks
- Methodology
- Results: Platform-Abuse Phishing Is on the Rise
- Platform-Abuse Phishing Case Studies
- Conclusion
- Acknowledgements

https://unit42.paloaltonetworks.com/platform-abuse-phishing/

#phishing
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

In wake of EPIC data breach - Samsung forcing users to accept T&Cs or risk their data

Users attempting to take sensible precautions after a recent spate of data breaches at Korean techmonger, Samsung, are being forced to accept updated terms and conditions in order to do so.

Samsung has fallen prey to two data breaches in 2022 to date. The first orchestrated by the notorious Lapsus$ group, saw 190GB of data exfiltrated from the company, and included algorithms for all biometric unlocking operations, source code for the bootloader for newer Samsung products, and all the source code behind the process of authorizing and authenticating Samsung accounts.

The second affected users directly and saw Samsung wait a month before notifying customers that a huge trove of personally identifying information was now in the hands of criminals.

While the understated press release from Samsung reassured customers that there was no need for panic, prudent users - perhaps alarmed at Samsung’s lack of alarm - immediately logged into their Samsung account to change their password.

Many users create a Samsung account when they buy their phones and then immediately forget about it. Some read the terms and conditions, and some don’t. You should always read the terms and conditions.

And if you created your account before September 2021, Samsung is under no obligation to notify you when those terms change - unless you attempt to log into your online account, that is.

Samsung’s terms and conditions were last updated on 30 September 2021, in a change that went largely unnoticed by everyone.

While it’s technically possible to request a password reset without logging in and accepting the updated terms and conditions, you do need to accept them in order to access other security features of your Samsung account.

https://thecrow.uk/in-wake-of-epic-data-breach-samsung-forcing-users-to-accept-new-terms-or-risk-their-data/

#samsung #breach
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Kiwi Farms all but finished after bill comes due for years of trolling and harassment

There’s an old saying, “You play with the bull, you get the horns.” One of the most noxious corners of the tubes learned that the hard way this weekend. Kiwi Farms, a message board notorious for vicious and criminal harassment of vulnerable people—especially trans people—was essentially driven out of existence over the weekend. In the wake of heightened scrutiny over Kiwi Farms’ tactics, multiple companies cut ties with the site, rendering it all but inaccessible.

The beginning of the end came when Cloudflare, which protected Kiwi Farms from DDoS attacks, dropped Kiwi Farms (diaried here) after increasingly threatening posts led Cloudflare to reverse its initial decision to continue working with the site. In the last 24 hours, multiple companies, including its replacement DDoS protector, cut ties with the site as well. It as been offline since late Sunday night/early Monday morning, and the site’s founder and administrator suggests it may be awhile before it comes back—if it does come back.

https://www.dailykos.com/stories/2022/9/5/2120881/-Kiwi-Farms-all-but-finished-after-bill-comes-due-for-years-of-trolling-and-harassment

#kiwifarms
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

CSharp PoC for transacted hollowing

https://github.com/daem0nc0re/TangledWinExec/commit/f898bf157ad993f900985d78b8d8fdc22df0163c

#CSharp #poc #hollowing
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Uninvited Guests: Analyzing the Identity and Behavior of Certificate Transparency Bots

https://www.securitee.org/files/ctpot_usec2022.pdf

#pdf #bots
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

We won. Kiwi Farms is dead

https://nitter.pussthecat.org/keffals/status/1566921249036681217

via Twitter

#DropKiwifarms
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Inside the Windows Cache Manager

The cache is an integral part of the operating system and its hybrid kernel. Roughly speaking, it's just a virtual memory region in the kernel address space, on which the Cache Manager maps file data to provide quick access to them in the future. This access is frequently used by the File System Driver (FSD) or the Windows Memory Manager (VMM). Instead of reading file data from disk every time a user or system needs to access to it, the OS kernel calls the Cache Manager in an attempt to get this data from memory. In turn, the Cache Manager is a set of function in the kernel executable file ntoskrnl.exe, which starts with a prefix Cc. These functions are private, so to get to their names, you need to configure the symbol server settings in WinDbg or IDA.

Learning the Windows Cache Manager is quite a difficult task for beginners. This Windows kernel subsystem is closely related to the VMM, so if you don't have enough knowledge in it, try to understand the basic concepts without going into complicated technical aspects. In addition, you should have some knowledge in the field of file system drivers (FSD), because they are the most frequent clients of the Cache Manager. It's worth to note that the cache concept exists only at the level of file system, lower drivers on the device stack like the volume manager, partition manager, disk driver, and disk port driver don't use it.

https://www.linkedin.com/pulse/inside-windows-cache-manager-artem-baranov

#windows #cachemanager
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Encrypted app Signal just hired one of Big Tech’s sharpest critics

Meredith Whittaker, the former Google manager, is Signal’s first president. She is out to convince users to pay for the free app.

Signal has hired Meredith Whittaker, a former Google manager who has been outspoken about the harms of Big Tech, as its first president, adding to the roster of tech critics leading the encrypted messaging app.

In the crowded market for messaging apps, Signal stands apart. It’s committed to encryption in an industry built on collecting personal data. It’s run by a nonprofit but competes against WhatsApp and iMessage, backed by some of the richest companies in the world, Facebook parent Meta and Apple.

As president, Whittaker will help guide strategy, communications and policy. In an interview, she said she plans to focus on sustaining Signal, which hopes to support itself with small donations from millions of users. Signal announced her new role Monday at an event in Berlin.

...(...)
"An alternative to data collection only exists if the community of people who rely on it “kick in a little bit." (Meredith Whittaker)

https://www.washingtonpost.com/technology/2022/09/06/signal-meredith-whittaker/

#signal #messenger
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

New EU law amplifies risks of state over-reach and mass surveillance

The EDRi network published its position paper on the proposed Regulation on automated data exchange for police cooperation (“Prüm II”). The European Commission’s Prüm II proposal fails to put in place vital safeguards designed to protect all of us from state overreach and authoritarian mass surveillance practices. In the worst case scenario, we may no longer be able to walk freely on our streets as the new law would treat large parts of the population as a criminal before proven otherwise.

https://edri.org/our-work/new-eu-law-amplifies-risks-of-state-over-reach-and-mass-surveillance/

#surveillance #edri
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Trans activist celebrates rare victory against online trolls after Kiwi Farms deplatforming

Belfast, Northern Ireland (CNN Business) Clara Sorrenti, a trans activist who was forced to flee her home in Canada after users of a hate-filled website targeted her, has succeeded in her campaign to get the site taken offline, for now.

https://edition.cnn.com/2022/09/06/tech/kiwi-farms-clara-sorrenti-keffals/index.html

💡 Read as well:
- We won. Kiwi Farms is dead
- Kiwi Farms all but finished after bill comes due for years of trolling and harassment

#DropKiwifarms #video
🎥@cRyPtHoN_INFOSEC_IT
🎥@cRyPtHoN_INFOSEC_FR
🎥@cRyPtHoN_INFOSEC_EN
🎥@cRyPtHoN_INFOSEC_DE
🎥@BlackBox_Archiv

InterContinental Hotels Group PLC - Unauthorised access to technology systems

InterContinental Hotels Group PLC (IHG or the Company) reports that parts of the Company's technology systems have been subject to unauthorised activity. IHG's booking channels and other applications have been significantly disrupted since yesterday, and this is ongoing.

IHG has implemented its response plans, is notifying relevant regulatory authorities and is working closely with its technology suppliers. External specialists have also been engaged to investigate the incident.

IHG is working to fully restore all systems as soon as possible and to assess the nature, extent and impact of the incident. We will be supporting hotel owners and operators as part of our response to the ongoing service disruption. IHG's hotels are still able to operate and to take reservations directly.

A further update will be provided as and when appropriate.

https://www.londonstockexchange.com/news-article/IHG/unauthorised-access-to-technology-systems/15617013

#ihg #breach
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

About Detection Engineering

In recent months I’ve noticed several attempts to define the term detection engineering and thought I should share my thoughts on this topic in a short blog post.

This blog post tries to cover all possible purposes of detection engineering to develop a broad definition of the term, excluding only a few borderline areas.

https://cyb3rops.medium.com/about-detection-engineering-44d39e0755f0

#detection #engineering
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Don't miss out on the first-ever #ColourOfSurveillanceEurope Conference

#edri #dff #bitsoffreedom and #CntrleAltDlt are organising the conference in Amsterdam on 15-16 Sept.

👀 You can follow our Day 1 discussion LIVE here: 👀
https://edri.org/take-action/events/call-for-proposals-colour-of-surveillance-europe-conference-15-16-september-2022/

📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Twitter whistleblower reveals employees concerned China agent could collect user data

Sept 13 (Reuters) - The FBI informed Twitter Inc (TWTR.N) of at least one Chinese agent working at the company, U.S. Senator Chuck Grassley said during a Senate hearing on Tuesday where a whistleblower testified, raising new concerns about foreign meddling at the influential social media platform.

Peiter "Mudge" Zatko, a famed hacker who served as Twitter's head of security until his firing in January, said some Twitter employees were concerned the Chinese government would be able to collect data on the company's users.

Twitter has come under fire previously for lax security, most notably in 2020 when teenage hackers seized control of dozens of high-profile accounts, including the verified profile of former U.S. President Barack Obama.

On Tuesday, Zatko's testimony before the Senate Judiciary Committee revealed Twitter's security issues could be far more serious, alleging for the first time that the company was informed of agents of the Chinese government working at the social media firm.

https://www.reuters.com/legal/twitter-whistleblower-detail-dire-security-threats-ahead-musk-deal-vote-2022-09-13/

#twitter
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

About 50,000 user credentials of Indonesia's largest cryptocurrency exchange "INDODAX" were leaked to the dark web by stealer malware. Of these, 82.7% are the credentials of Indonesian users.

https://nitter.pussthecat.org/darktracer_int/status/1569969935593664512

via Twitter

#leak #indonesia #indodax
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv