BlackBox (Security) Archiv
👉🏼 Latest viruses and malware threats
👉🏼 Latest patches, tips and tricks
👉🏼 Threats to security/privacy/democracy on the Internet

👉🏼 Find us on Matrix: https://matrix.to/#/!wNywwUkYshTVAFCAzw:matrix.org
“You can open a door with a key, but you can also find a way to do it without that key.” The same happens when trying to access a device's geolocation. You may not have access to the GPS, but still find a way to get at the user's positioning information.

Metadata

One way to do this is through the metadata embedded in photographs taken by the smartphone's owner, according to Vallina. “By default, every photograph an Android user takes contains metadata such as the position and the time at which it was taken. Several apps access the user's location history by requesting permission to read the memory card, because that is where the photographs are stored, without having to ask for access to the GPS,” he says. This is the case with Shutterfly, a photo-editing application. The researchers found that it collected GPS coordinate information from users' images even though they had denied it permission to access their location.

It is also possible to access geolocation through the Wi-Fi access point using the router's MAC address, an identifier assigned by the manufacturer that can be correlated with existing databases to work out the user's position “with fairly precise resolution”.

For the application to access this information, there is a permission the user must enable on the smartphone called “Wi-Fi connection information”, Vallina explains. But there are apps that manage to obtain this data without the permission being enabled. To do so, they extract the router's MAC address, which the device obtains through ARP (Address Resolution Protocol), the protocol used to connect to and discover devices on a local network. In other words, applications can access a file that exposes the MAC information of the Wi-Fi access point: “If you read that file, which the operating system exposes without any kind of permission, you can learn the geolocation in a way that is totally opaque to the user.”

Third-party libraries

Many of these data leaks or abuses of user privacy are carried out by libraries, which are third-party services or mini-programs included in the applications' code. These libraries run with the same privileges as the app they are in. Often the user is not aware that they exist. “Many of these services have a business model based on obtaining and processing personal data,” the researcher says.

For example, applications such as that of the Hong Kong Disneyland park use the map service of the Chinese company Baidu. In this way, they can access, without needing any permission, information such as the IMEI and other identifiers that the Chinese search engine's libraries store on the SD card. Samsung's health and browsing applications, which are installed on more than 500 million devices, have also used this type of library to function. “The library itself exploits these vulnerabilities to access that data for its own purposes. It is not clear whether the app's developer then accesses that data through the library,” he explains.

Vallina says that in upcoming research they will analyse the ecosystem of third-party libraries and the purposes for which the data is obtained. They will also study the monetisation models that exist on Android and the transparency of applications regarding what they do and what they say they do in their privacy policies. To prevent this kind of practice, Joel Reardon, also a co-author of the study, stresses the importance of carrying out research of this kind with the aim of “finding these errors and preventing them”.
If app developers can circumvent permissions, does it make sense to ask users for permission? “Yes,” Reardon replies firmly. The researcher emphasises that applications cannot get around every control mechanism and that little by little it will become harder for them. “The permission system has many flaws, but it still serves and pursues an important purpose,” he says.

Developers' responsibility

These practices, carried out without users' consent, violate, among other regulations, the General Data Protection Regulation (GDPR) and the Organic Law on Data Protection. Under the GDPR, the developers of these applications could face fines of up to 20 million euros or 4% of the company's annual turnover. The practices could even constitute an offence against privacy (Article 197 of the Criminal Code) that could carry prison sentences, according to Adsuara.

The lawyer maintains that most of the responsibility lies with the developers. But he considers that both the stores (Google Play and Apple Store) and the platforms that give applications access to their users' data (such as Facebook in the Cambridge Analytica case) bear a responsibility in vigilando: “That is, the duty to make sure that the applications they accept into their store, or to which they give access to their users' data on their platform, are secure.”

“Although everyone is responsible for their own actions, what is missing is some Spanish or European authority that reviews the security of ICT applications and services before they are launched on the market,” he says. He stresses that in other sectors there is some kind of certification that guarantees a product or service is safe: “Nobody would think, for example, of authorising cars with faulty brakes to be on the road. Not to mention medicines, food or toys. Yet it is normal in the ICT sector for applications and services to be launched on the market with security holes that are then patched on the fly.”
https://elpais.com/tecnologia/2019/07/18/actualidad/1563452146_195128.html

#faceapp #privacidad
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
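
The metadata route described in the post above, seen from the user's side: an added example (not from the article or the study it reports on) that checks whether a JPEG carries GPS coordinates in its EXIF block and removes that block before the photo is shared. The sample image bytes and coordinates are constructed, and all function names are illustrative.

```python
import struct

EXIF_HEADER = b"Exif\x00\x00"
GPS_IFD_POINTER = 0x8825  # IFD0 tag that points at the GPS sub-directory


def iter_segments(jpeg):
    """Yield (marker, start, end) for each JPEG segment before the image data."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF:
        marker = jpeg[pos + 1]
        if marker in (0xD9, 0xDA):  # EOI or start of scan: metadata is over
            return
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        end = pos + 2 + length
        if end > len(jpeg):
            raise ValueError("truncated JPEG segment")
        yield marker, pos, end
        pos = end


def read_ifd(tiff, offset, endian):
    """Return {tag: (type, count, raw 4-byte value field)} for one TIFF IFD."""
    (n,) = struct.unpack_from(endian + "H", tiff, offset)
    entries = {}
    for i in range(n):
        base = offset + 2 + 12 * i
        tag, typ, count = struct.unpack_from(endian + "HHI", tiff, base)
        entries[tag] = (typ, count, tiff[base + 8:base + 12])
    return entries


def dms_to_decimal(tiff, value_field, endian, ref):
    """Turn three RATIONALs (deg, min, sec) plus N/S/E/W into decimal degrees."""
    (off,) = struct.unpack(endian + "I", value_field)
    nums = struct.unpack_from(endian + "6I", tiff, off)
    if 0 in nums[1::2]:
        raise ValueError("zero denominator in GPS rational")
    deg, minutes, sec = (nums[i] / nums[i + 1] for i in (0, 2, 4))
    value = deg + minutes / 60 + sec / 3600
    return -value if ref in (b"S", b"W") else value


def read_gps(jpeg):
    """Return (lat, lon) embedded in the photo's EXIF, or None if there is none."""
    for marker, start, end in iter_segments(jpeg):
        body = jpeg[start + 4:end]
        if marker != 0xE1 or not body.startswith(EXIF_HEADER):
            continue
        tiff = body[len(EXIF_HEADER):]
        endian = {b"II": "<", b"MM": ">"}.get(tiff[:2])
        if endian is None:
            return None
        (ifd0_off,) = struct.unpack_from(endian + "I", tiff, 4)
        ifd0 = read_ifd(tiff, ifd0_off, endian)
        if GPS_IFD_POINTER not in ifd0:
            return None
        (gps_off,) = struct.unpack(endian + "I", ifd0[GPS_IFD_POINTER][2])
        gps = read_ifd(tiff, gps_off, endian)
        if not all(tag in gps for tag in (1, 2, 3, 4)):
            return None
        lat = dms_to_decimal(tiff, gps[2][2], endian, gps[1][2][:1])
        lon = dms_to_decimal(tiff, gps[4][2], endian, gps[3][2][:1])
        return lat, lon
    return None


def strip_exif(jpeg):
    """Return the JPEG with every APP1/Exif segment removed; other bytes untouched."""
    out, last = bytearray(jpeg[:2]), 2
    for marker, start, end in iter_segments(jpeg):
        if marker == 0xE1 and jpeg[start + 4:end].startswith(EXIF_HEADER):
            out += jpeg[last:start]
            last = end
    return bytes(out + jpeg[last:])


def build_sample_jpeg():
    """Constructed input: SOI + one Exif segment with a GPS IFD + EOI (no pixels)."""
    def rationals(d, m, s):
        return struct.pack("<6I", d, 1, m, 1, s, 1)
    tiff = b"II" + struct.pack("<HI", 42, 8)                # TIFF header, IFD0 at 8
    tiff += struct.pack("<HHHIII", 1, GPS_IFD_POINTER, 4, 1, 26, 0)  # GPS IFD at 26
    tiff += struct.pack("<H", 4)                            # four GPS entries
    tiff += struct.pack("<HHI4s", 1, 2, 2, b"N\x00")        # GPSLatitudeRef
    tiff += struct.pack("<HHII", 2, 5, 3, 80)               # GPSLatitude at 80
    tiff += struct.pack("<HHI4s", 3, 2, 2, b"W\x00")        # GPSLongitudeRef
    tiff += struct.pack("<HHII", 4, 5, 3, 104)              # GPSLongitude at 104
    tiff += struct.pack("<I", 0)                            # no further IFD
    tiff += rationals(40, 25, 30) + rationals(3, 42, 0)     # constructed position
    payload = EXIF_HEADER + tiff
    app1 = b"\xff\xe1" + struct.pack(">H", len(payload) + 2) + payload
    return b"\xff\xd8" + app1 + b"\xff\xd9"


if __name__ == "__main__":
    photo = build_sample_jpeg()
    print("before:", read_gps(photo))
    print("after: ", read_gps(strip_exif(photo)))
```

Any app that can read the file can run the same parse, which is why removing the block (or disabling location tagging in the camera app) is the control that matters here, not the location permission.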
Gaslight – Film, Literature and the New World Order

In this edition of Film, Literature and the #NewWorldOrder we welcome Thomas Sheridan, author of The Anvil of the Psyche, to discuss Gaslight, the 1940 British psychological thriller that introduced us to the concept of ‘gaslighting.’ In the discussion we point out how common #gaslighting is, ask “Are you being gaslighted?”, talk about techniques for defending oneself from gaslighting, and talk about how this technique is used on a societal level by the #psychopaths at the top of the pyramid.

📺 https://www.corbettreport.com/gaslight-film-literature-and-the-new-world-order/

#corbettreport #video #podcast
On TikTok, Teens Meme the Safety App Ruining Their Summer

Spend enough time on the social media app TikTok, and you’re bound to see a Life360 meme. That’s because Life360, a location-sharing app aimed at families, is apparently ruining the lives of teenagers all across the United States. The service allows parents to track their kids’ whereabouts in real time, among other features. As one girl with long, blond hair jokes in a popular TikTok clip, it’s set her summer vacation on fire. Some of the videos have racked up hundreds of thousands of likes—in other words, they’re relatable.

That’s because for many adolescents, adult supervision has turned into adult surveillance. Schools are adopting facial recognition technology to monitor campuses. Parents can now remotely check their child’s browsing histories and social media accounts, watch their movements via motion-sensing cameras, and track everywhere they go with location-sharing apps. In a Pew Research Center study last year, 58 percent of US parents said they sometimes or often look at their teenager’s messages, call logs, and the websites they visit. In a separate study from 2016, 16 percent said they used location-sharing apps.

Life360 is one of the many digital monitoring tools now used by millions of parents in the United States. The app functions like an enhanced version of Apple’s “Find My” feature that lets you share your location with friends or family—or what the company calls “your Circle.” In addition to location sharing, Life360 lets family members see how fast people in their circle are driving, how much battery their cell phones have, and more. The service is free to download and use, although you can pay for additional features. According to the San Francisco-based company, Life360 had over 18 million monthly active users at the end of 2018.

👉🏼 Read the full story without ads n shit:
https://rwtxt.lelux.fi/blackbox/on-tiktok-teens-meme-the-safety-app-ruining-their-summer

#Life360 #surveillance #teens #USA
Why change to Telegram?

Telegram is for everyone who likes fast and reliable messages and calls.
Whether small or large groups. Your own username, desktop applications or powerful options to share files with your friends ....

#telegram #video
Israeli group’s spyware ‘offers keys to Big Tech’s cloud’

Company’s sales pitch claimed technology can access data from Apple, Google, Facebook and Amazon

The Israeli company whose spyware hacked WhatsApp has told buyers its technology can surreptitiously scrape all of an individual’s data from the servers of Apple, Google, Facebook, Amazon and Microsoft, according to people familiar with its sales pitch.

NSO Group’s flagship smartphone malware, nicknamed Pegasus, has for years been used by spy agencies and governments to harvest data from targeted individuals’ smartphones.

But it has now evolved to capture the much greater trove of information stored beyond the phone in the cloud, such as a full history of a target’s location data, archived messages or photos, according to people who shared documents with the Financial Times and described a recent product demonstration.

The documents raise difficult questions for Silicon Valley’s technology giants, which are trusted by billions of users to keep critical personal information, corporate secrets and medical records safe from potential hackers.

NSO denied promoting hacking or mass-surveillance tools for cloud services. However, it did not specifically deny that it had developed the capability described in the documents.

The company has always maintained that its software, which is designated by Israel as a weapon, is only sold to responsible governments to help prevent terrorist attacks and crimes. But Pegasus has been traced by researchers to the phones of human rights activists and journalists around the world, raising allegations that it is being abused by repressive regimes.

👉🏼 Read the full story without ads n shit:
https://rwtxt.lelux.fi/blackbox/israeli-groups-spyware-offers-keys-to-big-techs-cloud

#spyware #israel #pegasus #cloud #apple #facebook #google #amazon
Dancing to the beat of the 419

How internet scams are funding Nigeria’s pop scene

Would-be Afrobeats stars need cash to make it in Nigeria’s music industry — and cybercriminals have plenty to burn. The partnership has generated some of the country’s biggest hits, and put famous names behind bars.

Naira Marley swaggers on to the stage. He needs no introduction. Instantly, the mood of the crowd at the open-air Eko Atlantic concert venue in Lagos lifts.

Some start to scream his name, and he nods in their direction, soaking up the adulation before launching straight into his biggest hit.

“Issa Goal, Issa Goal,” the crowd sings along with him, and he delights them further with a few steps from Zanku, a popular dance routine.

It is December 28 2018, and Marley is one of the hottest stars in the country, performing here at the invitation of an even bigger Nigerian star, Davido. Issa Goal propelled Marley to stardom, and it is being played in every club, on every dance floor, and was even chosen as the official soundtrack for Nigeria’s efforts at the 2018 football World Cup.

But if Marley’s rise was spectacular, his fall from grace was even more so. Six months later, he found himself behind bars at the Kirikiri Maximum Security Prison in Lagos, facing 11 criminal charges relating to cybercrime, fraud and possession of counterfeit cards.

His next public appearance, at a court hearing, was a far cry from his sold-out concerts. He looked chastened as he pushed his way through a scrum of photographers; a video of his mother crying went viral.

In June, Marley was granted bail, but if convicted he could spend seven years in prison.

Marley’s is by no means an isolated case. Nigeria is world-famous when it comes to cyberscamming. What is less well understood is that internet fraudsters are also bankrolling some of the biggest stars in Nigerian music and that these stars, in turn, are using their platform to generate sympathy for the criminals.

Full story at:
https://atavist.mg.co.za/dancing-to-the-beat-of-the-419

#Nigeria #scams #internet #music #funding
The government or the people. Telecoms firms trapped in internet shutdowns

Several African governments have ordered some form of internet restriction in recent years. The blackouts are a major risk, especially for telecoms, which can be considered complicit. And that could cost them.

Chad ended its social media blackout last week. Facebook, Twitter and other similar apps were blocked in the country since March 2018. That could have cost the Chadian economy more than $200 million (€177 million), based on calculations from NGO NetBlocks’ Cost of Shutdown Tool (COST).

The cost of internet restrictions in Africa may have amounted to many hundreds of millions this year alone — with Sudan’s recent blackout being the most expensive to date. COST allows users to see the indirect economic effects of internet shutdowns, says NetBlocks’ director, Alp Toker.

“You see the impact to traders who are not registered in official books,” he adds, pointing to the fact that both the informal sector and the impact to investment are included in the calculation.

Toker believes internet shutdowns can even be more costly in developing countries because they are less likely to have other good communication systems, such as a functioning postal service or a good network of landlines.

👉🏼 Read the full story without ads n shit:
https://rwtxt.lelux.fi/blackbox/the-government-or-the-people-telecoms-firms-trapped-in-internet-shutdowns

#goverments #internet #shutdown #restriction #blackout
What Are You DOING With This Information?

Today we hear from a listener who is actually taking steps to detach herself from the #BigTech #matrix. So what are you doing with this information and what changes are you making in your life? Inspire us with your story!

📺 https://www.corbettreport.com/what-are-you-doing-with-this-information/

#corbettreport #podcast #video
Bangladesh’s Digital Security Bill can have a ‘chilling effect on free speech’: Asia Internet Coalition


We missed this earlier.
Asia Internet Coalition said in June that Bangladesh’s Digital Security Bill (BDSA) creates several obstacles to the conducive use of the internet ecosystem due to several vague obligations, unchecked powers, disproportionate penalties, and unworkable compliance requirements. The coalition, to which Facebook, Google, Amazon, LinkedIn, Twitter, Yahoo! are members, pointed out that the Act can have a chilling effect on free speech, and highlighted issues with how offences are laid out in it. Other members of the coalition are Apple, Expedia Group, Line, Rakuten, Airbnb, Grab, and Booking.com.

Bangladesh had passed the Digital Security Bill 2018 in September last year. Protests have been carried out against the bill; Amnesty International has called the law an attack on freedom of expression.

The coalition pointed out its issues with the Act, and also made some recommendations:

The act can have a ‘chilling effect on free speech’; offences under Act vague and subjective

AIC said that certain provisions of the act such as Section 21, 25 and 31 will have a “chilling effect on speech” because they’re “vaguely drafted”. It cited Section 66A of India’s IT Act which the Indian Supreme Court struck down for being “open ended, undefined, and vague”. It also urged the Bangladeshi government to bear in view the “well established” tenets of international human rights law such as Article 19(3) of the International Convention on Civil and Political Rights. It points out issues specific to different clauses:

👉🏼 Read the full story without ads n shit:
https://rwtxt.lelux.fi/blackbox/bangladeshs-digital-security-bill-can-have-a-chilling-effect-on-free-speech-asia-internet-coalition

#Bangladesh #DigitalSecurityBil #BDSA #Asia #FreeSpeach #chilling #thinkabout
Attacking the Heart of the German Industry

For a number of years now, a group of professional hackers has been busy spying on businesses all over the world: Winnti. Believed to be controlled by China. For the first time, in a joint investigation, German public broadcasters BR and NDR are shedding light on how the hackers operate and how widespread they are.

This investigation starts with a code: daa0 c7cb f4f0 fbcf d6d1. If you know what to look for, you’ll find Winnti. Hackers who have been spying on businesses all over the world for years. A group, presumably China-based, has honed in on Germany and its DAX corporations. For the first time ever, BR and NDR reporters have successfully analyzed hundreds of the malware versions used for that unsavory purpose. The targets: At least six DAX corporations, the stock-listed top companies of the German industry.

Winnti is a highly complex structure that is difficult to penetrate. The term denotes both a sophisticated malware and an actual group of hackers. IT security experts like to call them digital mercenaries. Since at least 2011, these hackers have been using malware to spy on corporate networks. Their mode of operation: to collect information on the organizational charts of companies, on cooperating departments, on the IT systems of individual business units, and on trade secrets, obviously.

Asked about the group, an IT security expert who has been analyzing the attacks for years replies, tongue in cheek: “Any DAX corporation that hasn’t been attacked by Winnti must have done something wrong.” A high-ranking German official says: “The numbers of cases are mind-boggling.” And claims that the group continues to be highly active—to this very day. The official’s name will remain undisclosed, as will the names of the more than 30 people whom we were able to interview for this article: Company staff, IT security experts, government officials, and representatives of security authorities. They are either not willing or not allowed to speak frankly. But they are allowed to reveal some of their tactics.

This allows us to find the software and to figure out for ourselves how the attackers work. Thanks to the help received from the informers, we, the reporters, are able to get on to the group. Part of their trail is the following code: daa0 c7cb f4f0 fbcf d6d1.

👉🏼 Read the full story without ads n shit:
https://rwtxt.lelux.fi/blackbox/attacking-the-heart-of-the-german-industry

#hacker #china #winnti #attack #spionage #cyberattack #cyberspionage #BASF #Siemens #Henkel
Your family is none of their business

❗️ Today’s children have the most complex digital footprint in human history, with their data being collected by private companies and governments alike.

❗️ The consequences on a child’s future revolve around one’s freedom to learn from mistakes, the reputation damage caused by past mistakes, and the traumatic effects of discriminatory algorithms.

💡
https://edri.org/your-family-is-none-of-their-business/

#children #tracking #DigitalFootprint #EDRI #thinkabout #video
TikTok suspends accounts of three users after Shiv Sena’s IT Cell files FIR

Until last week Team 07 was one of the most popular TikTok groups in India. Then some of the members posted videos protesting a lynching of a Muslim - and their accounts were banned. “We have a zero tolerance policy against content that has a negative impact on our users or the country we operate in,” TikTok said.

In India, the Chinese app has been on talk shows for weeks, accused of unpatriotic propaganda.

Faisal Shaikh, 22, is so famous he can’t leave his home in suburban Mumbai without being mobbed. It’s hard not to be identified on the streets if 22 million people know what you look like. Until two weeks ago, Shaikh, or Mr Faisu, was one of TikTok’s biggest stars in India, but today neither he nor his millions of fans can access his page. On July 8, TikTok suspended the accounts of three of its users based on an FIR filed by a member of the Shiv Sena’s IT Cell. All three of them are young Muslim men with millions of followers each on the social network meant for sharing short, quirky videos.

Hasnain Khan, Shadan Farooqui and Faisal Shaikh are part of a five-member college group from Mumbai who are known on TikTok as Team 07. The other two members of the team are Adnan Shaikh and Faiz Baloch. They first bonded over their love of motorcycle stunts. Together, the five users have a following of over 40 million people.

👉🏼 Read the full story without ads n shit:
https://rwtxt.lelux.fi/blackbox/tiktok-suspends-accounts-of-three-users-after-shiv-senas-it-cell-files-fir

#TikTok #India #thinkabout
Internet’s wildest man arrested after Caribbean odyssey

John McAfee, inventor of the virus scanner named after him and self-proclaimed US presidential candidate, has been temporarily arrested in the Dominican Republic for illegal possession of weapons.

A few days ago, McAfee posed with the weapons on Twitter, possibly providing the reason for the arrest.
Wednesday night he was released after three days and said he was leaving the country. He must leave his yacht behind.

Weapons, getaways, conspiracy theories, murder suspicions: John McAfee’s life is so exciting that Netflix made a series out of it - and Hollywood wanted to shoot a film of his life story with Johnny Depp in the leading role. Planned title: “Welcome to the Jungle”.

The eccentric IT entrepreneur is something like the mascot of the Internet. He has made millions with software, lost millions, staged himself as a renegade against everything and everyone, and claims that the CIA is after him. On photos he usually has a cigarette, a drink or a pump gun in his hand. On Twitter he entertains more than a million followers with his escapades. In recent days, another chapter has been added to the McAfee saga.

After an odyssey through the Caribbean, McAfee, his wife Janice and four other people, including a German citizen, were arrested in a port in the Dominican Republic. The country’s security forces confirmed Monday’s arrest, according to the AP news agency. Since Wednesday night, he has been at large again, as he announced on Twitter, garnished with photos in which he embraces grinning Dominican policemen.

👉🏼 Read the full (translated) story without ads n shit:
https://rwtxt.lelux.fi/blackbox/internets-wildest-man-arrested-after-caribbean-odyssey

#McAfee #arrested #caribbean
Further study proves lie of “anonymous” data

Anonymous data is often not really anonymous at all: in many data records, individuals can be uniquely identified even without a name. A new study illustrates the amazing precision with which this can be done. Many companies and databases undermine the basic data protection regulation.

Not everything labelled anonymous actually is anonymous. This is made clear by a study in the scientific journal “Nature”. The researchers can identify 99.98 percent of Americans in each data set, with only 15 characteristics such as age, place of residence or nationality.

The scientists’ example: a cheap health insurance company sells customer data, but only “anonymously” and only from a fraction of the database. The study makes it clear: this is not true anonymity, the data is not secure. People are simply too unique to hide in databases. Removing names only makes records pseudonymous, not anonymous. With an online tool, anyone can trace the de-anonymization themselves.

The authors write that “even highly fragmented anonymized data records do not meet the modern anonymization standards of the Basic Data Protection Ordinance”. Their results question “the technical and legal adequacy” of simply deleting directly identifying data types and not worrying about identifiability using other data types.

Data is never completely anonymous

“The study once again shows very beautifully what we have known for a long time,” says data protection researcher Wolfie Christl to netzpolitik.org. “As long as data records relating to individuals are being processed, no form of anonymization can prevent individuals from being reidentified with complete certainty.

👉🏼 Read the full (translated) story without ads n shit:
https://rwtxt.lelux.fi/blackbox/further-study-proves-lie-of-anonymous-data

#study #data #anonymous #poc
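
The point made in the post above, that removing names only makes records pseudonymous, can be checked on a dataset before it is released. This added example (not from the study or the article; the records, field names and function names are constructed for illustration) counts how many records become one of a kind as more attributes are published and lists the groups that fall below a chosen k. It is a direct count on the sample, not the study's own method.

```python
from collections import Counter

# Constructed records: names already removed, quasi-identifiers left in.
RECORDS = [
    {"age_band": "30-39", "zip3": "100", "gender": "F", "birth_month": 1},
    {"age_band": "30-39", "zip3": "100", "gender": "F", "birth_month": 7},
    {"age_band": "30-39", "zip3": "100", "gender": "M", "birth_month": 3},
    {"age_band": "30-39", "zip3": "200", "gender": "F", "birth_month": 3},
    {"age_band": "40-49", "zip3": "100", "gender": "M", "birth_month": 5},
    {"age_band": "40-49", "zip3": "100", "gender": "M", "birth_month": 9},
    {"age_band": "40-49", "zip3": "200", "gender": "F", "birth_month": 2},
    {"age_band": "40-49", "zip3": "200", "gender": "F", "birth_month": 2},
]
QUASI_IDENTIFIERS = ["age_band", "zip3", "gender", "birth_month"]


def group_sizes(records, fields):
    """Count how many records share each combination of the given fields."""
    return Counter(tuple(r[f] for f in fields) for r in records)


def uniqueness(records, fields):
    """Return (share of records that are one of a kind, smallest group size k)."""
    sizes = group_sizes(records, fields)
    unique = sum(1 for n in sizes.values() if n == 1)
    return unique / len(records), min(sizes.values())


def uniqueness_curve(records, fields):
    """Uniqueness after publishing the first 1, 2, ... n fields."""
    return [(fields[:i], *uniqueness(records, fields[:i]))
            for i in range(1, len(fields) + 1)]


def groups_below_k(records, fields, k):
    """Combinations shared by fewer than k records: rows to generalise or suppress."""
    sizes = group_sizes(records, fields)
    return sorted(combo for combo, n in sizes.items() if n < k)


if __name__ == "__main__":
    for fields, share, k in uniqueness_curve(RECORDS, QUASI_IDENTIFIERS):
        print(f"{len(fields)} field(s): {share:.0%} unique, k = {k}")
    print("below k=2 on two fields:",
          groups_below_k(RECORDS, QUASI_IDENTIFIERS[:2], 2))
```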
Amazon Requires Police to Shill Surveillance Cameras in Secret Agreement

Amazon's home security company Ring has enlisted local police departments around the country to advertise its surveillance cameras in exchange for free Ring products and a “portal” that allows police to request footage from these cameras, a secret agreement obtained by Motherboard shows. The agreement also requires police to “keep the terms of this program confidential.”

Dozens of police departments around the country have partnered with Ring, but until now, the exact terms of these partnerships have remained unknown. A signed memorandum of understanding between Ring and the police department of Lakeland, Florida, and emails obtained via a public records request, show that Ring is using local police as a de facto advertising firm. Police are contractually required to "Engage the Lakeland community with outreach efforts on the platform to encourage adoption of the platform/app.”

In order to partner with Ring, police departments must also assign officers to Ring-specific roles that include a press coordinator, a social media manager, and a community relations coordinator.

Ring donated 15 free doorbell surveillance cameras to the Lakeland Police Department, and created a program to encourage people to download its “neighborhood watch” app, Neighbors. For every Lakeland resident that downloads Neighbors as a result of the partnership, the documents show, the Lakeland Police Department gets credit toward more free Ring cameras for residents: “Each qualifying download will count as $10 towards these free Ring cameras.” A Ring doorbell camera currently costs $130 on Amazon.

👉🏼 Read more:
https://outline.com/TvwejM

#DeleteAmazon #security #ring #surveillance #police #shill #secret #agreement #thinkabout
US state of Louisiana proclaims state of emergency because of blackmail Trojan attack

The governor of the US state of Louisiana has declared a state of emergency after several school districts in his state were attacked by blackmail Trojans. After Colorado in February 2018, this is the second time a U.S. state has activated such laws.

https://gov.louisiana.gov/assets/EmergencyProclamations/115-JBE-2019-State-of-Emergency-Cybersecurity-Incident.pdf

#USA #louisiana #cybersecurity #StateOfEmergency
Ad Tool Facebook Built to Fight Disinformation Doesn’t Work as Advertised

The social network’s new ad library is so flawed, researchers say, that it is effectively useless as a way to track political messaging.

Faced with a rising backlash over the spread of disinformation in the aftermath of the 2016 elections, Facebook last year came up with a seemingly straightforward solution: It created an online library of all the advertisements on the social network.

Transparency, it decided, was the best disinfectant.

Ads would stay in the library for seven years, letting ordinary users see who was pushing what messages and how much they were paying to do it. Facebook gave researchers and journalists deeper access, allowing them to extract information directly from the library so they could create their own databases and tools to analyze the ads — and ferret out disinformation that had slipped past the social network’s safeguards.

“We know we can’t protect elections alone,” Facebook said when it unveiled the latest version of its Ad Library in March. “We’re committed to creating a new standard of transparency and authenticity for advertising.”

But instead of setting a new standard, Facebook appears to have fallen short. While ordinary users can look up individual ads without a problem, access to the library’s data is so plagued by bugs and technical constraints that it is effectively useless as a way to comprehensively track political advertising, according to independent researchers and two previously unreported studies on the archive’s reliability, one by the French government and the other by researchers at Mozilla, the maker of the Firefox web browser.

👉🏼 Read the full story without ads n shit:
https://rwtxt.lelux.fi/blackbox/ad-tool-facebook-built-to-fight-disinformation-doesnt-work-as-advertised

#DeleteFacebook #disinformation #researchers #Transparency
US Congress: Election systems attacked in all 50 states

In the US presidential election, hackers attacked digital election infrastructure in all 50 states. This is the result of an investigation by the US Congress. MEPs warn against incalculable risks, even without manipulated votes.

Read the Senate Intelligence Committee’s report: ‘Russian Efforts Against Election Infrastructure,’ (volume one)

https://games-cdn.washingtonpost.com/notes/prod/default/documents/6d6ee989-d0bf-4d7c-a158-a979c74bad3e/note/fe8e288b-e6fe-45ee-8a8b-c5ec463f293f.pdf

#USA #congress #hackers #russia #attack #election #votes #manipulation
Tell us if traceability is technically possible: Madras HC to WhatsApp and IIT Madras professor

India has had a problem with WhatsApp rumours and lies for some time now. Therefore, a court demanded that the number of the original channel be displayed next to a forwarded message. Experts should now clarify how this would be technically possible.

On July 24, Court No. 3 of the Madras High Court was packed with barely any standing room. As item no. 14 drew closer on the roster, more people jammed in. That’s because some of the biggest names in the Indian legal fraternity had combined forces to make a case against implementing traceability in WhatsApp as the case examined ways in which cybercrime might be curbed with the assistance of social media companies.

Senior Advocates Kapil Sibal and Arvind Datar defended WhatsApp, as former Attorney General of India, Mukul Rohatgi, represented Facebook. The hearing began at 12:20 pm and went on for almost an hour. It saw representation from the government of Tamil Nadu (E. Manoharan), Twitter (Senior Advocate Sajan Poovayya), and Google (Senior Advocate P. S. Raman). Senior Advocate N. L. Rajah, who had represented WhatsApp in the last hearing, was also present. Internet Freedom Foundation, which had been made an intervener in the last hearing on June 27, was represented by Suhrith Parthasarathy. IFF’s executive director, Apar Gupta, was also present.

If this litany of names wasn’t enough, the presence of Brian Hennessey, the director and associate general counsel of WhatsApp, drove home the point that WhatsApp Inc. is paying particular attention to this case.

👉🏼 Read the full story without ads n shit:
https://rwtxt.lelux.fi/blackbox/tell-us-if-traceability-is-technically-possible-madras-hc-to-whatsapp-and-iit-madras-professor

#DeleteWhatsapp #tracing #india
Anonymity is on its way to disappearing.

Just 15 demographic attributes are enough to identify every single citizen of the United States.

Until now, what identified us was our name, a national ID number, a phone number, a postal or email address. Hiding these details in a database was enough to keep a set of records from being linked to its owner. Not any more.

The trail of data we leave behind, plus the capacity to store and process it, makes it ever easier to identify us individually from what we do or what we are. Anonymity no longer depends on someone finding out our name or phone number. Now our behaviour or identity can de-anonymize us.

Census offices, hospitals and companies share anonymized samples of their huge databases for transparency or for studies and verification. The small size of the sample made it hard for that information to end up linked to an individual.

A new study published in Nature Communications finds that this uncertainty is quantifiable. And it can be eliminated. A match on some data did not necessarily mean it was exactly that person. With 15 attributes it is enough to distinguish each American, whatever the sample size. "While there may be many people who are in their thirties, male, and live in New York, far fewer were born on 5 January 1985, drive a red sports car and live with two girls and a dog," says Yves-Alexandre de Montjoye, professor at Imperial College London and one of the authors of the research.

The decisive factors are not always the same, or not to the same degree: sometimes it is marital status, other times race or something else. But taking just 15 factors, the model can certify with 99.98% probability that the person we are looking for is a unique profile within an enormous database.

To find that individual you obviously have to know them or have access to another database that provides part of the equivalent information to cross-check. It seems difficult, but the number of possible combinations keeps growing. The information about us that can be found publicly grows every day.

Over the last decade, researchers have found that de-anonymization is possible with a multitude of variables if there is enough data: social media use, genetic data, location, credit card spending, browsing history, writing style, computer code.
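The effect described above, where each extra attribute splits a dataset into smaller groups until individuals stand alone, can be measured on a table before it is released. The following Python audit is an added example, not taken from the article or the study: it counts sample uniqueness and the k-anonymity value on a constructed table (all records and attribute names are made up), and it is a plain count, not the statistical model the study uses.

```python
from collections import Counter

# Constructed sample release: direct identifiers already removed,
# only quasi-identifiers remain (all values are made up).
QUASI_IDENTIFIERS = ["age_band", "sex", "city", "birth_date", "car"]
ROWS = [
    ("30s", "M", "New York", "1985-01-05", "red sports car"),
    ("30s", "M", "New York", "1985-01-05", "grey sedan"),
    ("30s", "M", "New York", "1987-03-12", "grey sedan"),
    ("30s", "M", "New York", "1987-03-12", "grey sedan"),
    ("30s", "F", "New York", "1985-01-05", "red sports car"),
    ("30s", "F", "Boston", "1990-07-30", "none"),
    ("40s", "M", "Boston", "1978-11-02", "grey sedan"),
    ("40s", "M", "Boston", "1978-11-02", "grey sedan"),
]
RECORDS = [dict(zip(QUASI_IDENTIFIERS, row)) for row in ROWS]


def class_sizes(records, attrs):
    """Size of each equivalence class: records sharing all values in attrs."""
    return Counter(tuple(r[a] for a in attrs) for r in records)


def audit(records, attrs):
    """For each prefix of attrs: (attribute count, fraction unique, k)."""
    rows = []
    for n in range(1, len(attrs) + 1):
        sizes = class_sizes(records, attrs[:n])
        unique = sum(1 for size in sizes.values() if size == 1)
        rows.append((n, unique / len(records), min(sizes.values())))
    return rows


def records_at_risk(records, attrs, k_min):
    """Indexes of records whose equivalence class is smaller than k_min."""
    sizes = class_sizes(records, attrs)
    return [i for i, r in enumerate(records)
            if sizes[tuple(r[a] for a in attrs)] < k_min]


if __name__ == "__main__":
    for n, frac, k in audit(RECORDS, QUASI_IDENTIFIERS):
        print(f"{n} attrs: {frac:.0%} unique, k={k}")
    print("suppress or generalise:", records_at_risk(RECORDS, QUASI_IDENTIFIERS, 2))
```

Records flagged by `records_at_risk` are the ones a data controller would generalise (for example, birth date to birth year) or suppress before sharing the sample.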

President Donald Trump has been a recent victim of the possibility of linking information obtained elsewhere with public database samples. A few months ago the New York Times published investigative articles on the president's tax returns. The paper managed to de-anonymize Trump's tax information in a list of the country's wealthiest taxpayers using data passed to it by a source: "The Times was able to find matching data in the tax information of the top taxpayers (a publicly available database that each year includes a one-third sample of those taxpayers, with identifying details removed)," the paper says.

"The attacks are only going to get better," says Arvind Narayanan, professor at Princeton University and author of the study that showed that, in a 2006 database, the movie ratings of half a million Netflix subscribers alone were enough to identify individuals. That is, the ability to link our past with information from anonymous but public databases is only going to improve.

"Our recommendation," Narayanan adds, "is that the burden of proof fall on the data controller to demonstrate conclusively that the anonymous data cannot be linked to individuals, rather than privacy advocates having to prove that such a link is possible."