Avast and French police take over malware botnet and disinfect 850,000 computers
Joint private-law enforcement efforts shuts down two-year-old Redatup malware operation for good.
Antivirus maker Avast and the French National Gendarmerie announced today that they've taken down the backend infrastructure of the Retadup malware gang.
Furthermore, as a result of gaining access to this infrastructure, Avast and French authorities used the criminal gang's command and control (C&C) servers to instruct the Retadup malware to delete itself from infected computers, effectively disinfecting over 850,000 Windows systems without users having to do anything.
Most Redatup victims were located in Latin America
The antivirus maker said that all of this was possible after its malware analysts began looking into the malware with a fine comb back in March.
Avast researchers discovered a design flaw in the C&C server communications protocol that could allow them to instruct the malware to deleting itself.
Since the Redatup malware's C&C servers were located in France, Avast approached French authorities, who agreed to help, and seized the crooks' servers.
Once Avast and French officials had the Redatup servers in their hands, they replaced the malicious ones with copies that instructed any infected host which connected to the server to delete itself.
Based on telemetry Avast collected starting with July 2, when they first took over malware's servers, the vast majority of Redatup-infected computers were located in Latin America.
Peru accounted for nearly 35% of all infections, but when researchers added infection numbers from Venezuela, Bolivia, Ecuador, Mexico, Colombia, Argentian, and Cuba, just these nine countries accounted for 85% of the entire Redatup botnet.
#avast #french #police #malware #botnet
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
Joint private-law enforcement efforts shuts down two-year-old Redatup malware operation for good.
Antivirus maker Avast and the French National Gendarmerie announced today that they've taken down the backend infrastructure of the Retadup malware gang.
Furthermore, as a result of gaining access to this infrastructure, Avast and French authorities used the criminal gang's command and control (C&C) servers to instruct the Retadup malware to delete itself from infected computers, effectively disinfecting over 850,000 Windows systems without users having to do anything.
Most Redatup victims were located in Latin America
The antivirus maker said that all of this was possible after its malware analysts began looking into the malware with a fine comb back in March.
Avast researchers discovered a design flaw in the C&C server communications protocol that could allow them to instruct the malware to deleting itself.
Since the Redatup malware's C&C servers were located in France, Avast approached French authorities, who agreed to help, and seized the crooks' servers.
Once Avast and French officials had the Redatup servers in their hands, they replaced the malicious ones with copies that instructed any infected host which connected to the server to delete itself.
Based on telemetry Avast collected starting with July 2, when they first took over malware's servers, the vast majority of Redatup-infected computers were located in Latin America.
Peru accounted for nearly 35% of all infections, but when researchers added infection numbers from Venezuela, Bolivia, Ecuador, Mexico, Colombia, Argentian, and Cuba, just these nine countries accounted for 85% of the entire Redatup botnet.
Read more:https://www.zdnet.com/article/avast-and-french-police-take-over-malware-botnet-and-disinfect-850000-computers/
#avast #french #police #malware #botnet
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
From The Handmaid's Tale to Facebook's secrets: best books on surveillance
Joanna Kavenna selects her favourite books that reveal how we are scrutinised – including a history of black slavery and classics by Atwood and Orwell
With immaculate irony, Facebook announced its new cryptocurrency, hoping to bring the financial transactions of its 2.4 billion users on to its platform, in the year that marks 70 years since the publication of George Orwell’s Nineteen Eighty-Four. The digital revolution has dramatically altered the way we live and how we are observed, nudged and guided. But who owns all this knowledge and what do they want it for? Why is this interventionist reality watching us so intently, if it only wants to be our friend?
Knowledge is power – a phrase supposedly coined by Francis Bacon in 1597. Two centuries later, Jeremy Bentham advanced the concept of the panopticon: a prison where “by blinds and other contrivances” a single guard would be concealed, having “the most perfect view of every cell”. In reality the guard couldn’t watch everyone all the time, but in his Panopticon Writings Bentham argued the mere possibility of surveillance was enough to alter a prisoner’s behaviour and therefore ensure “power of mind over mind”. Bentham thought this was a great idea; Michel Foucault begged to differ, suggesting in Discipline and Punish that knowledge linked to power not only assumes the authority of “the truth” but has the power to make itself true.
In Dark Matters, Simone Browne notes that Bentham developed his ideas while travelling on a boat carrying slaves “under the hatches”. A history of the panopticon, she argues, must incorporate 18th-century designs for slave ships, in which a central vantage point permitted a view of all the slaves onboard. The schematic for one such ship (the Brooks, which was built in 1781) depicts “tiny black figures set to represent the enslaved drawn like so many cartoon figures”, Browne writes. Under the panopticon, unique mortals are diminished into a mass, seen through a one-way mirror.
The Russian author Yevgeny Zamyatin’s novel We was banned by the Soviet censorship board in 1921, appearing in an English translation three years later. He describes a future society in which all the buildings are made of glass so – like the panopticon – everyone can be seen at all times. Orwell reviewed We in 1946, three years before echoing Bentham in his own novel, Nineteen Eighty-Four: “There was of course no way of knowing whether you were being watched at any given moment. You had to live … in the assumption that every sound you made was overheard, and, except in darkness, every movement scrutinised.”
Bentham’s vision is also explored in Margaret Atwood’s novel The Handmaid’s Tale, in which inhabitants are monitored by the Eyes – the secret police of Gilead. There can be no privacy, no meaningful intimate relations, when your friends or lovers may be Eyes as well.
In our current era, the watchers are more than human, as Shoshana Zuboff examines in The Age of Surveillance Capitalism. A vast network of helpful devices observes our lives and converts them into data, which is used to target us with adverts or predict how we will vote. Yet prediction is an uncertain art. Our friendly global tech companies are less like soothsayers than magicians, urging us towards a particular card while convincing us it is the one we have freely chosen. The idea that our hidden, private selves are known may be unpleasant, as Peter Pomerantsev puts it in This Is Not Propaganda, but it is more disconcerting to imagine “that ‘they’ know something about me which I hadn’t realised myself, that I’m not who I think I am”. Time to read Dorian Lynskey’s cultural biography of Nineteen Eighty-Four, The Ministry of Truth, and to defriend Siri.
https://www.theguardian.com/books/2019/sep/02/from-the-handmaids-tale-to-facebooks-secrets-best-books-on-surveillance
#surveillance #secrets #DeleteFacebook #books
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
Joanna Kavenna selects her favourite books that reveal how we are scrutinised – including a history of black slavery and classics by Atwood and Orwell
With immaculate irony, Facebook announced its new cryptocurrency, hoping to bring the financial transactions of its 2.4 billion users on to its platform, in the year that marks 70 years since the publication of George Orwell’s Nineteen Eighty-Four. The digital revolution has dramatically altered the way we live and how we are observed, nudged and guided. But who owns all this knowledge and what do they want it for? Why is this interventionist reality watching us so intently, if it only wants to be our friend?
Knowledge is power – a phrase supposedly coined by Francis Bacon in 1597. Two centuries later, Jeremy Bentham advanced the concept of the panopticon: a prison where “by blinds and other contrivances” a single guard would be concealed, having “the most perfect view of every cell”. In reality the guard couldn’t watch everyone all the time, but in his Panopticon Writings Bentham argued the mere possibility of surveillance was enough to alter a prisoner’s behaviour and therefore ensure “power of mind over mind”. Bentham thought this was a great idea; Michel Foucault begged to differ, suggesting in Discipline and Punish that knowledge linked to power not only assumes the authority of “the truth” but has the power to make itself true.
In Dark Matters, Simone Browne notes that Bentham developed his ideas while travelling on a boat carrying slaves “under the hatches”. A history of the panopticon, she argues, must incorporate 18th-century designs for slave ships, in which a central vantage point permitted a view of all the slaves onboard. The schematic for one such ship (the Brooks, which was built in 1781) depicts “tiny black figures set to represent the enslaved drawn like so many cartoon figures”, Browne writes. Under the panopticon, unique mortals are diminished into a mass, seen through a one-way mirror.
The Russian author Yevgeny Zamyatin’s novel We was banned by the Soviet censorship board in 1921, appearing in an English translation three years later. He describes a future society in which all the buildings are made of glass so – like the panopticon – everyone can be seen at all times. Orwell reviewed We in 1946, three years before echoing Bentham in his own novel, Nineteen Eighty-Four: “There was of course no way of knowing whether you were being watched at any given moment. You had to live … in the assumption that every sound you made was overheard, and, except in darkness, every movement scrutinised.”
Bentham’s vision is also explored in Margaret Atwood’s novel The Handmaid’s Tale, in which inhabitants are monitored by the Eyes – the secret police of Gilead. There can be no privacy, no meaningful intimate relations, when your friends or lovers may be Eyes as well.
In our current era, the watchers are more than human, as Shoshana Zuboff examines in The Age of Surveillance Capitalism. A vast network of helpful devices observes our lives and converts them into data, which is used to target us with adverts or predict how we will vote. Yet prediction is an uncertain art. Our friendly global tech companies are less like soothsayers than magicians, urging us towards a particular card while convincing us it is the one we have freely chosen. The idea that our hidden, private selves are known may be unpleasant, as Peter Pomerantsev puts it in This Is Not Propaganda, but it is more disconcerting to imagine “that ‘they’ know something about me which I hadn’t realised myself, that I’m not who I think I am”. Time to read Dorian Lynskey’s cultural biography of Nineteen Eighty-Four, The Ministry of Truth, and to defriend Siri.
https://www.theguardian.com/books/2019/sep/02/from-the-handmaids-tale-to-facebooks-secrets-best-books-on-surveillance
#surveillance #secrets #DeleteFacebook #books
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
🇪🇸 La aplicación viral que te convierte en estrella, a cambio de tus datos.
La aplicación Zao hace furor en China suplantando la imagen de todo tipo de famosos, pero se extiende la preocupación por los datos personales que recoge la empresa que la desarrolla.
¿Quién no ha soñado alguna vez con ser una gran estrella de cine, un deportista de éxito, o, en estos tiempos, el influencer más famoso? Pues, en China, ahora cualquiera puede hacer realidad ese deseo. No hay más que descargar la aplicación móvil de Zao, seguir unos sencillos pasos y, ¡voilà!, el vídeo del usuario convertido en quienquiera ser está listo para ser descargado y, sobre todo, para ser compartido en las redes sociales. De forma alternativa, también se puede crear un archivo GIF para enviar como emoticono.
Es lo que se conoce como un deep fake, una suplantación de identidad que, en este caso, consiste en utilizar sistemas de inteligencia artificial para combinar el rostro del usuario con el del famoso de turno de forma que el primero parezca el segundo. En el gigante asiático, la aplicación se ha vuelto tan viral que es ya, según App Annie, el programa gratuito más descargado de la App Store de Apple en China este año. Y es algo que se evidencia en redes como Weibo o WeChat, que se han llenado de clips de películas y series famosas con protagonistas inesperados en un fenómeno que recuerda al de la FaceApp que sirve para envejecerse de forma virtual.
Gran parte de su éxito reside en la facilidad de uso de Zao. Una vez instalada la app y creada una cuenta, el usuario elige el personaje en el que se quiere convertir en una larga lista en la que hay estrellas chinas y extranjeras. Uno se puede convertir en Chow Yun-fat, pero también en Kristen Stewart. Luego, aprieta el botón de la celebridad elegida, y se hace una foto o elige otro retrato de la galería del móvil. El sistema otorga una puntuación de cero a diez dependiendo de la idoneidad de la imagen, y muestra un mensaje en el que se advierte de que el retrato debe estar libre de derechos y adecuarse a la normativa china.
De lo contrario, el rostro solo se podrá utilizar en diez ocasiones y únicamente para previsualizaciones. Sin una imagen aprobada, el vídeo no se puede guardar, ni exportar, ni siquiera grabar subrepticiamente con una captura de pantalla -screencast-, que da como resultado un vídeo en negro. Para lograr la autorización y poder mostrar su identidad soñada, el usuario debe escanear su cara frente a la cámara del smartphone, mirando a un lado y a otro, subiendo y bajando la cabeza.
En ese último punto reside la polémica, porque muchos usuarios han comenzado a preguntarse qué hace el desarrollador de la aplicación con todos sus datos. Al fin y al cabo, para utilizarla es imprescindible darle acceso a casi todo. En el segundo punto del primer apartado de los términos y condiciones del servicio, Zao advierte: “Para mejorar el producto y el servicio, y para poder ofrecerle información personalizada y anuncios, recogeremos datos sobre sus búsquedas, su teléfono móvil, la ubicación, y el historial de compras”.
En el tercer punto también informa de que se guardarán las imágenes del usuario. Eso sí, en el primer punto del segundo apartado promete no compartir toda esta información con terceros, “salvo que el usuario dé su permiso o sea requerido por ley”. Ese último precepto se puede entender como un "salvo que las autoridades lo pidan", y es constante en todos los servicios para móviles que se ofrecen en la segunda potencia mundial. Por eso, hay quienes, como Yu Lin, se despreocupan por completo: “En China no hay ningún tipo de privacidad, el Gobierno puede disponer de todos mis datos cuando quiera”, comenta esta joven Shanghainesa por WeChat. “Al menos, con Zhao me divierto”.
La aplicación Zao hace furor en China suplantando la imagen de todo tipo de famosos, pero se extiende la preocupación por los datos personales que recoge la empresa que la desarrolla.
¿Quién no ha soñado alguna vez con ser una gran estrella de cine, un deportista de éxito, o, en estos tiempos, el influencer más famoso? Pues, en China, ahora cualquiera puede hacer realidad ese deseo. No hay más que descargar la aplicación móvil de Zao, seguir unos sencillos pasos y, ¡voilà!, el vídeo del usuario convertido en quienquiera ser está listo para ser descargado y, sobre todo, para ser compartido en las redes sociales. De forma alternativa, también se puede crear un archivo GIF para enviar como emoticono.
Es lo que se conoce como un deep fake, una suplantación de identidad que, en este caso, consiste en utilizar sistemas de inteligencia artificial para combinar el rostro del usuario con el del famoso de turno de forma que el primero parezca el segundo. En el gigante asiático, la aplicación se ha vuelto tan viral que es ya, según App Annie, el programa gratuito más descargado de la App Store de Apple en China este año. Y es algo que se evidencia en redes como Weibo o WeChat, que se han llenado de clips de películas y series famosas con protagonistas inesperados en un fenómeno que recuerda al de la FaceApp que sirve para envejecerse de forma virtual.
Gran parte de su éxito reside en la facilidad de uso de Zao. Una vez instalada la app y creada una cuenta, el usuario elige el personaje en el que se quiere convertir en una larga lista en la que hay estrellas chinas y extranjeras. Uno se puede convertir en Chow Yun-fat, pero también en Kristen Stewart. Luego, aprieta el botón de la celebridad elegida, y se hace una foto o elige otro retrato de la galería del móvil. El sistema otorga una puntuación de cero a diez dependiendo de la idoneidad de la imagen, y muestra un mensaje en el que se advierte de que el retrato debe estar libre de derechos y adecuarse a la normativa china.
De lo contrario, el rostro solo se podrá utilizar en diez ocasiones y únicamente para previsualizaciones. Sin una imagen aprobada, el vídeo no se puede guardar, ni exportar, ni siquiera grabar subrepticiamente con una captura de pantalla -screencast-, que da como resultado un vídeo en negro. Para lograr la autorización y poder mostrar su identidad soñada, el usuario debe escanear su cara frente a la cámara del smartphone, mirando a un lado y a otro, subiendo y bajando la cabeza.
En ese último punto reside la polémica, porque muchos usuarios han comenzado a preguntarse qué hace el desarrollador de la aplicación con todos sus datos. Al fin y al cabo, para utilizarla es imprescindible darle acceso a casi todo. En el segundo punto del primer apartado de los términos y condiciones del servicio, Zao advierte: “Para mejorar el producto y el servicio, y para poder ofrecerle información personalizada y anuncios, recogeremos datos sobre sus búsquedas, su teléfono móvil, la ubicación, y el historial de compras”.
En el tercer punto también informa de que se guardarán las imágenes del usuario. Eso sí, en el primer punto del segundo apartado promete no compartir toda esta información con terceros, “salvo que el usuario dé su permiso o sea requerido por ley”. Ese último precepto se puede entender como un "salvo que las autoridades lo pidan", y es constante en todos los servicios para móviles que se ofrecen en la segunda potencia mundial. Por eso, hay quienes, como Yu Lin, se despreocupan por completo: “En China no hay ningún tipo de privacidad, el Gobierno puede disponer de todos mis datos cuando quiera”, comenta esta joven Shanghainesa por WeChat. “Al menos, con Zhao me divierto”.
Hu Yuan también ha probado la aplicación y reconoce que lo ha pasado bien. “No es adictivo como Douyin -Tik-Tok fuera de China-, pero resulta divertido y da curiosidad utilizarlo en las diferentes opciones que ofrece. Mis redes sociales se han llenado de sus vídeos súbitamente y yo subiré los míos para echar unas risas. Pero creo que no durará mucho la moda. Yo borraré inmediatamente el programa, pero no sé si mis datos se los quedará la empresa”, comenta a EL PAÍS después de compartir con este periódico los clips que ha realizado. Los chinos pueden convertirse en cualquier famoso y creen hacerlo gratis. Pero quizá el precio sean sus datos.
En cualquier caso, Zao abre un debate que irá ganando intensidad según se vayan perfeccionando los algoritmos que permiten crear vídeos deep fake. Algunos son tan realistas que pueden pasar por reales, y suponen un paso más en la sofisticación de las noticias falsas. Hay ejemplos curiosos, como los de Donald Trump hablando mandarín de forma fluida, los de otros dirigentes mundiales diciendo cosas que nunca salieron de su boca, o los de personas anónimas que aparecen como virtuosos de habilidades que les son totalmente ajenas. Es evidente que, en un futuro no muy lejano, ni siquiera se podrá decir eso de "ver para creer".
https://elpais.com/tecnologia/2019/09/02/actualidad/1567433490_423816.html
#zao #privacidad
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
En cualquier caso, Zao abre un debate que irá ganando intensidad según se vayan perfeccionando los algoritmos que permiten crear vídeos deep fake. Algunos son tan realistas que pueden pasar por reales, y suponen un paso más en la sofisticación de las noticias falsas. Hay ejemplos curiosos, como los de Donald Trump hablando mandarín de forma fluida, los de otros dirigentes mundiales diciendo cosas que nunca salieron de su boca, o los de personas anónimas que aparecen como virtuosos de habilidades que les son totalmente ajenas. Es evidente que, en un futuro no muy lejano, ni siquiera se podrá decir eso de "ver para creer".
https://elpais.com/tecnologia/2019/09/02/actualidad/1567433490_423816.html
#zao #privacidad
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
El País
La aplicación viral que te convierte en estrella, a cambio de tus datos
La aplicación Zao hace furor en China suplantando la imagen de todo tipo de famosos, pero se extiende la preocupación por los datos personales que recoge la empresa que la desarrolla
🇪🇸Facebook no solo recopila tus datos, también todas las librerías de tu móvil.
Un nuevo descubrimiento pone más en duda la aplicación de Facebook para Android: dicha app recopila los metadatos de todas las librerías del teléfono.
De red social omnipresente a ser el objetivo de las mayores dudas en torno a la privacidad, este es el resumen más notorio en lo que concierne a la evolución de Facebook. Los últimos escándalos no solo hicieron mella en la empresa, también en el resto de compañías que se dedican a las aplicaciones y servicios web; de ahí que la privacidad sea un elemento que cada vez posee más importancia.
Facebook no es el adalid de la privacidad, eso lo sabemos, pero tampoco lo son Google, Amazon o Twitter, por poner otros ejemplos. Aunque Facebook se empeña en mantener ocultas ciertas acciones que realizan sus aplicaciones, tal y como ha señalado Jane Manchun Wong, una conocida especialista en ingeniería inversa de las apps móviles.
Hasta ahora sabíamos que Facebook recopilaba nuestros datos personales, actividad en las aplicaciones y cualquier acción que realicemos en ellas. Nuestros gustos, edad, correos, teléfono… Con los últimos cambios sufridos por la red social podemos administrar en cierta manera todo lo que recopila la empresa, pero no un aspecto que descubrió Jane Manchun: la app de Facebook para Android accede a las librerías de los móviles donde está instalada y comprime los metadatos para subirlos a escondidas a sus servidores.
Facebook comprime y sube a sus servidores las librerías del móvil sin que haya forma de remediarlo
La aplicación de Facebook posee un comportamiento único en Android ya que solo en este sistema tiene el cometido de realizar una copia de los metadatos de las librerías del sistema. En sí no debería de ser peligroso ya que no entraña riesgo para el smartphone, pero no deja de ser sospechoso que esta acción se realice sin ningún tipo de autorización del usuario.
Una vez instalada la aplicación en un móvil Android, tanto da que sea descargada como que Facebook venga de serie en el smartphone, la app realiza un análisis de las librerías del sistema, comprime los metadatos y pasa a subir el archivo a los servidores de la empresa. Ese archivo comprimido se denomina «Global Library Collector» o recolector global de librerías (GLC). En él se incluyen los metadatos de las librerías, una información que define a cada teléfono y lo que tiene instalado; así como la compatibilidad con las aplicaciones o la integridad del sistema.
El verdadero problema del recolector global de librerías es que nadie sabe para qué sirve. Facebook aún no ha aclarado su cometido ni tampoco había especificado previamente este anómalo comportamiento de su aplicación. Además, que solo ocurra en Android levanta más sospechas: todos sabemos que nuestro sistema es más vulnerable a las acciones cometidas por las apps. La propia Facebook llevaba años aprovechándose de Android para recopilar más fácilmente los datos de sus usuarios.
Facebook no revela para qué sirve el GLC, tampoco ofrece opción alguna al usuario para que desactive esta opción. Esto atenta directamente contra la privacidad, por lo que no nos extrañaría que la Unión Europea tomara cartas en el asunto. Por más que el recolector global de librerías no implique un riesgo para el teléfono Facebook no debería saber qué tiene cada usuario en su móvil.
https://elandroidelibre.elespanol.com/2019/09/facebook-recopila-librerias-movil-android.html
#facebook #android #privacidad
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
Un nuevo descubrimiento pone más en duda la aplicación de Facebook para Android: dicha app recopila los metadatos de todas las librerías del teléfono.
De red social omnipresente a ser el objetivo de las mayores dudas en torno a la privacidad, este es el resumen más notorio en lo que concierne a la evolución de Facebook. Los últimos escándalos no solo hicieron mella en la empresa, también en el resto de compañías que se dedican a las aplicaciones y servicios web; de ahí que la privacidad sea un elemento que cada vez posee más importancia.
Facebook no es el adalid de la privacidad, eso lo sabemos, pero tampoco lo son Google, Amazon o Twitter, por poner otros ejemplos. Aunque Facebook se empeña en mantener ocultas ciertas acciones que realizan sus aplicaciones, tal y como ha señalado Jane Manchun Wong, una conocida especialista en ingeniería inversa de las apps móviles.
Hasta ahora sabíamos que Facebook recopilaba nuestros datos personales, actividad en las aplicaciones y cualquier acción que realicemos en ellas. Nuestros gustos, edad, correos, teléfono… Con los últimos cambios sufridos por la red social podemos administrar en cierta manera todo lo que recopila la empresa, pero no un aspecto que descubrió Jane Manchun: la app de Facebook para Android accede a las librerías de los móviles donde está instalada y comprime los metadatos para subirlos a escondidas a sus servidores.
Facebook comprime y sube a sus servidores las librerías del móvil sin que haya forma de remediarlo
La aplicación de Facebook posee un comportamiento único en Android ya que solo en este sistema tiene el cometido de realizar una copia de los metadatos de las librerías del sistema. En sí no debería de ser peligroso ya que no entraña riesgo para el smartphone, pero no deja de ser sospechoso que esta acción se realice sin ningún tipo de autorización del usuario.
Una vez instalada la aplicación en un móvil Android, tanto da que sea descargada como que Facebook venga de serie en el smartphone, la app realiza un análisis de las librerías del sistema, comprime los metadatos y pasa a subir el archivo a los servidores de la empresa. Ese archivo comprimido se denomina «Global Library Collector» o recolector global de librerías (GLC). En él se incluyen los metadatos de las librerías, una información que define a cada teléfono y lo que tiene instalado; así como la compatibilidad con las aplicaciones o la integridad del sistema.
El verdadero problema del recolector global de librerías es que nadie sabe para qué sirve. Facebook aún no ha aclarado su cometido ni tampoco había especificado previamente este anómalo comportamiento de su aplicación. Además, que solo ocurra en Android levanta más sospechas: todos sabemos que nuestro sistema es más vulnerable a las acciones cometidas por las apps. La propia Facebook llevaba años aprovechándose de Android para recopilar más fácilmente los datos de sus usuarios.
Facebook no revela para qué sirve el GLC, tampoco ofrece opción alguna al usuario para que desactive esta opción. Esto atenta directamente contra la privacidad, por lo que no nos extrañaría que la Unión Europea tomara cartas en el asunto. Por más que el recolector global de librerías no implique un riesgo para el teléfono Facebook no debería saber qué tiene cada usuario en su móvil.
https://elandroidelibre.elespanol.com/2019/09/facebook-recopila-librerias-movil-android.html
#facebook #android #privacidad
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
El Androide Libre
Facebook no solo recopila tus datos, también todas las librerías de tu móvil
Un nuevo descubrimiento pone más en duda la aplicación de Facebook para Android: dicha app recopila los metadatos de todas las librerías del teléfono.
'Deepfake face swap' app ZAO is making people afraid of the future
The 'deepfake-style face swap app' ZAO has climbed to the top of Android and iPhone download charts in recent weeks. As its popularity grew, so have privacy concerns on Chinese social media, and now, beyond.
👉🏼 Here's how it works:
In case you haven't heard, #ZAO is a Chinese app which completely blew up since Friday. Best application of 'Deepfake'-style AI facial replacement I've ever seen.
Here's an example of me as DiCaprio (generated in under 8 secs from that one photo in the thumbnail) 🤯 pic.twitter.com/1RpnJJ3wgT
— Allan Xia (@AllanXia) September 1, 2019
The sudden wide adoption of ZAO is an “intriguing development in a country where mass surveillance and facial recognition technology are prevalent,” writes Jake Newby at radiichina.com.
“Some social media platforms, including WeChat, have now started blocking ZAO videos,” Newby writes in an update to his story on Monday. “WeChat has done this before with popular rival short video apps.”
The app — developed by Momo, the same company behind popular Chinese dating app Tantan — became an overnight sensation after it began circulating on Friday evening. Hashtags related to the app quickly became some of the hottest on microblogging site Weibo, while the app rocketed up the iOS download charts. Chinese social media feeds quickly became filled with ZAO-produced videos from friends and contacts for many users.
The premise of the app is pretty simple: take a selfie and put yourself into your favorite movie or soap opera (chosen from a pre-selected list of clips). Cue users giving themselves starring roles in Leonardo DiCaprio’s filmography or uninvited guest appearances on Game of Thrones.
Yet the initial buzz around the app quickly gave way to headlines about privacy concerns as reporters from several major tech publications in China actually bothered to read the 6,000 character user agreement required to download ZAO. One clause in particular is causing consternation as it appears to give the app’s developers the global rights to use any imagery created on the app for free. Once a user has opted in, there doesn’t seem to be the right to revoke the agreement.
This story went viral pretty quickly, and ZAO “responded to the above complaints” by amending the user agreement, writes Newby in another update to the Radii piece:
The new agreement states that content generated on the app will now no longer be used for other purposes without the user’s prior consent. It also says that if a user deletes content on ZAO, this will be wiped from ZAO’s databases too, and injects a clause stating that users bear responsibility for having the authorization to use portraits in the app (thereby making the user culpable if someone’s photo is used without their permission). [via
👉🏼 Read more:
https://boingboing.net/2019/09/02/deepfake-face-swap-app-zao.html
#DeapFake #app #FaceSwap #ZAO
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
The 'deepfake-style face swap app' ZAO has climbed to the top of Android and iPhone download charts in recent weeks. As its popularity grew, so have privacy concerns on Chinese social media, and now, beyond.
👉🏼 Here's how it works:
In case you haven't heard, #ZAO is a Chinese app which completely blew up since Friday. Best application of 'Deepfake'-style AI facial replacement I've ever seen.
Here's an example of me as DiCaprio (generated in under 8 secs from that one photo in the thumbnail) 🤯 pic.twitter.com/1RpnJJ3wgT
— Allan Xia (@AllanXia) September 1, 2019
The sudden wide adoption of ZAO is an “intriguing development in a country where mass surveillance and facial recognition technology are prevalent,” writes Jake Newby at radiichina.com.
“Some social media platforms, including WeChat, have now started blocking ZAO videos,” Newby writes in an update to his story on Monday. “WeChat has done this before with popular rival short video apps.”
The app — developed by Momo, the same company behind popular Chinese dating app Tantan — became an overnight sensation after it began circulating on Friday evening. Hashtags related to the app quickly became some of the hottest on microblogging site Weibo, while the app rocketed up the iOS download charts. Chinese social media feeds quickly became filled with ZAO-produced videos from friends and contacts for many users.
The premise of the app is pretty simple: take a selfie and put yourself into your favorite movie or soap opera (chosen from a pre-selected list of clips). Cue users giving themselves starring roles in Leonardo DiCaprio’s filmography or uninvited guest appearances on Game of Thrones.
Yet the initial buzz around the app quickly gave way to headlines about privacy concerns as reporters from several major tech publications in China actually bothered to read the 6,000 character user agreement required to download ZAO. One clause in particular is causing consternation as it appears to give the app’s developers the global rights to use any imagery created on the app for free. Once a user has opted in, there doesn’t seem to be the right to revoke the agreement.
This story went viral pretty quickly, and ZAO “responded to the above complaints” by amending the user agreement, writes Newby in another update to the Radii piece:
The new agreement states that content generated on the app will now no longer be used for other purposes without the user’s prior consent. It also says that if a user deletes content on ZAO, this will be wiped from ZAO’s databases too, and injects a clause stating that users bear responsibility for having the authorization to use portraits in the app (thereby making the user culpable if someone’s photo is used without their permission). [via
techmeme.com]👉🏼 Read more:
https://boingboing.net/2019/09/02/deepfake-face-swap-app-zao.html
#DeapFake #app #FaceSwap #ZAO
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
Privacy International study shows your mental health is for sale
A new study by Privacy International reveals how popular websites about depression in France, Germany and the UK share user data with advertisers, data brokers and large tech companies, while some depression test websites leak answers and test results with third parties. The findings raise serious concerns about compliance with European data protection and privacy laws.
👉🏼 Story
https://privacyintyqcroe.onion/long-read/3194/privacy-international-study-shows-your-mental-health-sale
👉🏼 Report
https://privacyintyqcroe.onion/report/3193/report-your-mental-health-sale
#privacy #study #report #DataBrokers #ourdata #why
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
A new study by Privacy International reveals how popular websites about depression in France, Germany and the UK share user data with advertisers, data brokers and large tech companies, while some depression test websites leak answers and test results with third parties. The findings raise serious concerns about compliance with European data protection and privacy laws.
👉🏼 Story
https://privacyintyqcroe.onion/long-read/3194/privacy-international-study-shows-your-mental-health-sale
👉🏼 Report
https://privacyintyqcroe.onion/report/3193/report-your-mental-health-sale
#privacy #study #report #DataBrokers #ourdata #why
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
🇪🇸 La escuela que usa reconocimiento facial para controlar la asistencia.
Multado con 18.500 euros un colegio sueco por utilizar tecnología facial, pese a contar con el consentimiento de los estudiantes.
Controlar la asistencia de los alumnos en colegios e institutos es una de las prioridades de los centros de enseñanza. Frente a las tradicionales listas de asistencia, hay escuelas que ya experimentan con la tecnología para llevar un seguimiento al respecto. Pero no todo vale a la hora de utilizar de nuevas herramientas. Una escuela de secundaria en el norte de Suecia ha sido multada con 200.000 coronas suecas —unos 18.500 euros— por realizar una prueba piloto con cámaras con reconocimiento facial para monitorear a 22 alumnos de una clase del centro, según informa el Comité Europeo de Protección de Datos.
La prueba se realizó durante tres semanas en un centro de la localidad de Skellefteå. Pese a que los estudiantes habían dado su consentimiento, la Agencia de Protección de Datos (DPA) sueca ha concluido que este proyecto piloto viola varios artículos del reglamento europeo de protección de datos (RGPD). El organismo indica que el consentimiento no es una vía legal en este caso porque “hay un desequilibrio claro entre los dueños de los datos y quién controla esta información ahora” y porque los alumnos están en una situación de dependencia con respecto a la dirección del centro.
En Suecia, las autoridades públicas pueden recibir una multa máxima de 10 millones de coronas suecas —aproximadamente 1 millón de euros—. Esta es la primera multa en relación al RGPD emitida por la Agencia de Protección de Datos sueca, que sostiene que la escuela ha procesado datos biométricos sensibles de manera ilegal y no ha realizado una evaluación de impacto adecuada. El centro, según la DPA, debería haber consultado previamente con el organismo si podía llevar a cabo el proyecto.
El uso de reconocimiento facial ha levantado polémica en los últimos años entre organizaciones de defensas de los derechos. Hay lugares que ya han comenzado a legislar al respecto. San Francisco se convirtió en mayo en la primera ciudad en Estados Unidos en prohibir el uso de la tecnología de reconocimiento facial.
En Europa, el Reglamento General de Protección de Datos (RGPD) prevé una protección especial a los datos biométricos. Se prohíbe de forma general que se puedan tratar datos biométricos, aunque hay algunas excepciones en las que los sistemas de reconocimiento facial sí pueden ser utilizados. Por ejemplo, cuando lo usan cuerpos policiales en la persecución de delitos y terroristas a nivel internacional o cuando el afectado ha dado el consentimiento y el tratamiento persigue una finalidad lícita.
Otras escuelas
Suecia no es el único país en el que se ha utilizado esta tecnología en centros educativos. Mientras que algunos centros europeos se plantean su uso, varias escuelas de China también cuentan con sistemas de reconocimiento facial en sus puertas para controlar la asistencia de los alumnos. Y van mucho más allá. Utilizan uniformes inteligentes con el fin de combatir el absentismo escolar, según el diario oficial Global Times. La prenda permite a los profesores detectar la ubicación de los alumnos o activar una alarma cuando un estudiante se queda dormido en clase.
En Estados Unidos el distrito escolar de la ciudad de Lockport, en Nueva York, ha comenzado a implementar un sistema de reconocimiento facial, según The Guardian. En este caso, esta tecnología se utiliza para garantizar la seguridad en el centro. La probabilidad de morir a tiros en Estados Unidos es 24 veces mayor que en España y 100 veces mayor que en Japón.
Multado con 18.500 euros un colegio sueco por utilizar tecnología facial, pese a contar con el consentimiento de los estudiantes.
Controlar la asistencia de los alumnos en colegios e institutos es una de las prioridades de los centros de enseñanza. Frente a las tradicionales listas de asistencia, hay escuelas que ya experimentan con la tecnología para llevar un seguimiento al respecto. Pero no todo vale a la hora de utilizar de nuevas herramientas. Una escuela de secundaria en el norte de Suecia ha sido multada con 200.000 coronas suecas —unos 18.500 euros— por realizar una prueba piloto con cámaras con reconocimiento facial para monitorear a 22 alumnos de una clase del centro, según informa el Comité Europeo de Protección de Datos.
La prueba se realizó durante tres semanas en un centro de la localidad de Skellefteå. Pese a que los estudiantes habían dado su consentimiento, la Agencia de Protección de Datos (DPA) sueca ha concluido que este proyecto piloto viola varios artículos del reglamento europeo de protección de datos (RGPD). El organismo indica que el consentimiento no es una vía legal en este caso porque “hay un desequilibrio claro entre los dueños de los datos y quién controla esta información ahora” y porque los alumnos están en una situación de dependencia con respecto a la dirección del centro.
En Suecia, las autoridades públicas pueden recibir una multa máxima de 10 millones de coronas suecas —aproximadamente 1 millón de euros—. Esta es la primera multa en relación al RGPD emitida por la Agencia de Protección de Datos sueca, que sostiene que la escuela ha procesado datos biométricos sensibles de manera ilegal y no ha realizado una evaluación de impacto adecuada. El centro, según la DPA, debería haber consultado previamente con el organismo si podía llevar a cabo el proyecto.
El uso de reconocimiento facial ha levantado polémica en los últimos años entre organizaciones de defensas de los derechos. Hay lugares que ya han comenzado a legislar al respecto. San Francisco se convirtió en mayo en la primera ciudad en Estados Unidos en prohibir el uso de la tecnología de reconocimiento facial.
En Europa, el Reglamento General de Protección de Datos (RGPD) prevé una protección especial a los datos biométricos. Se prohíbe de forma general que se puedan tratar datos biométricos, aunque hay algunas excepciones en las que los sistemas de reconocimiento facial sí pueden ser utilizados. Por ejemplo, cuando lo usan cuerpos policiales en la persecución de delitos y terroristas a nivel internacional o cuando el afectado ha dado el consentimiento y el tratamiento persigue una finalidad lícita.
Otras escuelas
Suecia no es el único país en el que se ha utilizado esta tecnología en centros educativos. Mientras que algunos centros europeos se plantean su uso, varias escuelas de China también cuentan con sistemas de reconocimiento facial en sus puertas para controlar la asistencia de los alumnos. Y van mucho más allá. Utilizan uniformes inteligentes con el fin de combatir el absentismo escolar, según el diario oficial Global Times. La prenda permite a los profesores detectar la ubicación de los alumnos o activar una alarma cuando un estudiante se queda dormido en clase.
En Estados Unidos el distrito escolar de la ciudad de Lockport, en Nueva York, ha comenzado a implementar un sistema de reconocimiento facial, según The Guardian. En este caso, esta tecnología se utiliza para garantizar la seguridad en el centro. La probabilidad de morir a tiros en Estados Unidos es 24 veces mayor que en España y 100 veces mayor que en Japón.
Desde el inicio del siglo XXI se han perpetrado más de 200 tiroteos en institutos y colegios de primaria y secundaria de Estados Unidos a los que han estado expuestos algo más de 200.000 estudiantes, según información recabada por el diario The Washington Post y por este periódico. El último sistema mencionado está diseñado para detectar los rostros de personas expulsadas o suspendidas de las escuelas de Lockport, agresores sexuales u otras personas que puedan suponer una amenaza para el centro.
https://elpais.com/tecnologia/2019/08/30/actualidad/1567157371_609647.html
#privacidad #suecia #colegio #multa
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
https://elpais.com/tecnologia/2019/08/30/actualidad/1567157371_609647.html
#privacidad #suecia #colegio #multa
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
El País
La escuela que usa reconocimiento facial para controlar la asistencia
Multado con 18.500 euros un colegio sueco por utilizar tecnología facial, pese a contar con el consentimiento de los estudiantes
Phone numbers of 420 million Facebook users discovered on the net
Facebook had already admitted last year that the function to search for friends by telephone number was misused for data tapping. Now a database with entries for hundreds of millions of users has been discovered on the Internet.
Phone numbers of around 420 million Facebook users were openly accessible on the Internet. The database seems to have been compiled through the misuse of a function to search for friends by telephone number. Facebook declared on Wednesday that it was old data. They were probably collected before the online network last year switched off the possibility of finding acquaintances with the help of their telephone number. Facebook had no evidence that accounts had been hacked.
An IT security researcher discovered the file with the telephone numbers and the corresponding Facebook identification number and pointed this out to the technology blog "TechCrunch". It had been accessible unencrypted and had since been removed. It is unclear who created and uploaded the list for what purpose. Among the telephone numbers were 133 million Facebook users from the USA - as well as 13 million from Great Britain and more than 50 million from Vietnam. In some cases, it also contained information about users' names and sex.
Criminals could hijack profiles
The danger with such data is that online criminals could use it to reset account passwords and hijack profiles.
Facebook had already admitted in April 2018 that the search for phone numbers by friends was being misused to tap data and turned it off. Although the phone numbers were not openly visible, they could possibly be retrieved on a large scale via automated queries - so-called "scraping". This violated the Facebook rules, but was technically possible. Facebook is also struggling with the scraping of publicly accessible profile data on the Instagram photo platform.
https://techcrunch.com/2019/09/04/facebook-phone-numbers-exposed/
https://t3n.de/news/telefonnummern-420-millionen-netz-1194823/
#DeleteFacebook #dataleak #userdata #privacy #phonenumbers
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
Facebook had already admitted last year that the function to search for friends by telephone number was misused for data tapping. Now a database with entries for hundreds of millions of users has been discovered on the Internet.
Phone numbers of around 420 million Facebook users were openly accessible on the Internet. The database seems to have been compiled through the misuse of a function to search for friends by telephone number. Facebook declared on Wednesday that it was old data. They were probably collected before the online network last year switched off the possibility of finding acquaintances with the help of their telephone number. Facebook had no evidence that accounts had been hacked.
An IT security researcher discovered the file with the telephone numbers and the corresponding Facebook identification number and pointed this out to the technology blog "TechCrunch". It had been accessible unencrypted and had since been removed. It is unclear who created and uploaded the list for what purpose. Among the telephone numbers were 133 million Facebook users from the USA - as well as 13 million from Great Britain and more than 50 million from Vietnam. In some cases, it also contained information about users' names and sex.
Criminals could hijack profiles
The danger with such data is that online criminals could use it to reset account passwords and hijack profiles.
Facebook had already admitted in April 2018 that the search for phone numbers by friends was being misused to tap data and turned it off. Although the phone numbers were not openly visible, they could possibly be retrieved on a large scale via automated queries - so-called "scraping". This violated the Facebook rules, but was technically possible. Facebook is also struggling with the scraping of publicly accessible profile data on the Instagram photo platform.
https://techcrunch.com/2019/09/04/facebook-phone-numbers-exposed/
https://t3n.de/news/telefonnummern-420-millionen-netz-1194823/
#DeleteFacebook #dataleak #userdata #privacy #phonenumbers
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
MetaX Worked With Hundreds of People to Visit Global Publishers’ Sites to Reverse Engineer Google’s Cookie_Push GDPR Workaround (aka ‘Push Pages’) & the OpenX Push Page Workaround
MetaX is proud to provide additional important context to the research released today from Brave and featured in the Financial Times, focusing on a GDPR workaround built by Google known as “cookie_push” (aka “Push Pages”). Our intention is not to single any one company out, but rather inform the community on these ongoing data issues.
The data released by Brave and reported in the Financial Times article showed that Google deployed a new data syncing architecture prior to GDPR – the details released by Brave include numerous written explanations of the process, and also a chart showing the cookie data flow that our team helped with. https://www.ft.com/content/e3e1697e-ce57-11e9-99a4-b5ded7a7fe3f
💡 How Google’s RTB and Push Pages allow hundreds of DSPs to tie their tracking profiles about people together (View the full chart)
https://brave.com/wp-content/uploads/sequence.pdf
https://metax.io/metax-report-google-workaround-openx-workaround/
#Google #Brave #DeleteGoogle #tracking #rtb #dsp #GDPR #advertisers #advertising #pdf #why
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
MetaX is proud to provide additional important context to the research released today from Brave and featured in the Financial Times, focusing on a GDPR workaround built by Google known as “cookie_push” (aka “Push Pages”). Our intention is not to single any one company out, but rather inform the community on these ongoing data issues.
The data released by Brave and reported in the Financial Times article showed that Google deployed a new data syncing architecture prior to GDPR – the details released by Brave include numerous written explanations of the process, and also a chart showing the cookie data flow that our team helped with. https://www.ft.com/content/e3e1697e-ce57-11e9-99a4-b5ded7a7fe3f
💡 How Google’s RTB and Push Pages allow hundreds of DSPs to tie their tracking profiles about people together (View the full chart)
https://brave.com/wp-content/uploads/sequence.pdf
https://metax.io/metax-report-google-workaround-openx-workaround/
#Google #Brave #DeleteGoogle #tracking #rtb #dsp #GDPR #advertisers #advertising #pdf #why
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
We filed a criminal complaint: Prosecutor launches investigation into FinFisher for illegal export of state spyware
The state spyware FinFisher is developed in Munich and sold all over the world. The company needs approval for exports, but the German government has never granted that. Together with other NGOs, we have filed a criminal complaint. Customs is investigating, the crime is punishable by prison sentence up to five years.
Bahrain, Egypt, Ethiopia: Dictatorships around the world rely on surveillance technology „made in Germany“. The state spyware FinFisher or FinSpy is developed in Munich and sold to police and secret services in dozens of countries, including the German Federal Police.
To export such malware, FinFisher needs a license in accord with German and European law. However, the German Government has never issued one. Export without a license is a criminal offense. Thus we have filed a criminal complaint against the responsible companies and their managing directors.
Together with the Society for Civil Rights, Reporters without Borders and the European Center for Constitutional and Human Rights, we wrote a 21-page criminal complaint and an eight-page technical appendix, which we submitted to the public prosecutor’s office in Munich on July 5. Now they are investigating.
Our accusations are being taken seriously: The case was escalated directly to the Federal Customs Criminal Investigation Office, which is responsible for violations of the Foreign Trade and Payments Act.
From Munich via Turkey to prison?
Our principle case is Turkey. After the 2016 coup d’état attempt, the Turkish government arrested more than 77,000 people, including 34 journalists. A broad coalition of civil resistance organized against this repression, including the 2017 March for Justice.
During that time, a website „Walk for justice“ appeared, which offered an Android app to help organize the protest movement. This website was advertised on social media. But the app, which is still available today, is a camouflaged state spyware. After installation, it takes complete control of the device, monitors communication and extracts data.
In a detailed technical analysis and a technical appendix we prove that this Turkish state spyware is the German product FinFisher/FinSpy. We then analyze the company structure of FinFisher and suspicious individuals.
We are certain: FinFisher is developed in Munich and FinFisher was sold to Turkey without permission. That is a crime, punishable by a prison sentence up to five years. We hope that the authorities investigate extensively and confirm our accusations.
Until then, German authorities should stop using tools for dictators themselves and stop subsidizing such companies with taxpayers‘ money.
The legal documents are available in English as PDF and in German as HTML.
👉🏼 PDF:
https://cdn.netzpolitik.org/wp-upload/2019/09/2019-07-05_FinFisher_Criminal-Complaint_ENG.pdf
https://netzpolitik.org/2019/we-filed-a-criminal-complaint-prosecutor-launches-investigation-into-finfisher-for-illegal-export-of-state-spyware/
#FinFisher #FinSpy #spyware #CriminalComplaint #investigation #crime #StateTrojan #pdf
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
The state spyware FinFisher is developed in Munich and sold all over the world. The company needs approval for exports, but the German government has never granted that. Together with other NGOs, we have filed a criminal complaint. Customs is investigating, the crime is punishable by prison sentence up to five years.
Bahrain, Egypt, Ethiopia: Dictatorships around the world rely on surveillance technology „made in Germany“. The state spyware FinFisher or FinSpy is developed in Munich and sold to police and secret services in dozens of countries, including the German Federal Police.
To export such malware, FinFisher needs a license in accord with German and European law. However, the German Government has never issued one. Export without a license is a criminal offense. Thus we have filed a criminal complaint against the responsible companies and their managing directors.
Together with the Society for Civil Rights, Reporters without Borders and the European Center for Constitutional and Human Rights, we wrote a 21-page criminal complaint and an eight-page technical appendix, which we submitted to the public prosecutor’s office in Munich on July 5. Now they are investigating.
Our accusations are being taken seriously: The case was escalated directly to the Federal Customs Criminal Investigation Office, which is responsible for violations of the Foreign Trade and Payments Act.
From Munich via Turkey to prison?
Our principle case is Turkey. After the 2016 coup d’état attempt, the Turkish government arrested more than 77,000 people, including 34 journalists. A broad coalition of civil resistance organized against this repression, including the 2017 March for Justice.
During that time, a website „Walk for justice“ appeared, which offered an Android app to help organize the protest movement. This website was advertised on social media. But the app, which is still available today, is a camouflaged state spyware. After installation, it takes complete control of the device, monitors communication and extracts data.
In a detailed technical analysis and a technical appendix we prove that this Turkish state spyware is the German product FinFisher/FinSpy. We then analyze the company structure of FinFisher and suspicious individuals.
We are certain: FinFisher is developed in Munich and FinFisher was sold to Turkey without permission. That is a crime, punishable by a prison sentence up to five years. We hope that the authorities investigate extensively and confirm our accusations.
Until then, German authorities should stop using tools for dictators themselves and stop subsidizing such companies with taxpayers‘ money.
The legal documents are available in English as PDF and in German as HTML.
👉🏼 PDF:
https://cdn.netzpolitik.org/wp-upload/2019/09/2019-07-05_FinFisher_Criminal-Complaint_ENG.pdf
https://netzpolitik.org/2019/we-filed-a-criminal-complaint-prosecutor-launches-investigation-into-finfisher-for-illegal-export-of-state-spyware/
#FinFisher #FinSpy #spyware #CriminalComplaint #investigation #crime #StateTrojan #pdf
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
🇪🇸 Los números de teléfono de 420 millones de usuarios de Facebook, a la vista de cualquiera.
Cientos de millones de usuarios se han visto afectados por el último gran fallo de privacidad de Facebook, que ha permitido que una base de datos con números de teléfono se mantenga en un servidor externo.
La existencia de la base de datos ha sido revelada por Techcrunch, que pudo entrar en el servidor sin problemas porque no tenía ningún tipo de protección, ni siquiera por una contraseña; eso significa que cualquiera podría haber encontrado esta base de datos y acceder a su información sin ningún límite.
Cada registro de la base de datos estaba compuesto por el Facebook ID y el número de teléfono del usuario. El Facebook ID es un identificador compuesto de una larga ristra de números, que identifican a cada usuario de la red social. La base de datos tenía más de 419 millones de entradas.
✳️ Cientos de millones de teléfonos, al aire libre.
Con este número es fácil obtener datos como el nombre de usuario de la cuenta. Por lo tanto, alguien con acceso a esta base de datos podría asociar números de teléfono con personas concretas. Techcrunch pudo comprobar la veracidad de estos datos. Además, algunos de estos registros también tienen otra información personal, como el nombre, el género y el país.
Este es uno de los casos más graves protagonizados por Facebook que se recuerdan, y eso es decir mucho. Después de un 2018 protagonizado por el escándalo de Cambridge Analytica, el 2019 no ha sido mucho mejor.
Apenas hace unos meses que se reveló que empleados de Facebook guardaban las contraseñas de los usuarios sin cifrar; y hablando de números de teléfono, se descubrió que no los usaba sólo por seguridad, como afirmaba en un principio.
La gran diferencia del caso de hoy es que, en esta ocasión, esta base de datos no parece formar parte de los planes de Facebook. Todo indica a que alguien se ha dedicado a recopilar esta información de los perfiles; es un proceso llamado "web scraping", por el cual se usan algoritmos para almacenar el contenido de una página de manera automática.
✳️ El problema del scraping de Facebook.
La propia Facebook ha admitido que el scraping es un problema; por ejemplo, cuando una startup consiguió rastrear a usuarios de Instagram usando este método. Todo indica que esta nueva base de datos ha sido creada de esta manera.
Antes, los números de teléfono eran más fácilmente accesibles en Facebook; en abril de 2018, y en respuesta a las informaciones relacionadas con Cambridge Analytica, la compañía decidió limitar el acceso a esa información.
Por lo tanto, es muy probable que estos datos se hayan obtenido antes de esa fecha. Representantes de Facebook han confirmado esto.
El scraping es como el fantasma de las navidades pasadas para Facebook. Es el resultado de las laxas políticas de privacidad que la compañía tenía hasta no hace mucho. Ahora que se desvelan casos como este, representantes de Facebook son rápidos en aclarar que las políticas han cambiado y que ya no sería posible hacer algo como eso. Pero es poco consuelo para quien puede estar recibiendo spam o acoso por teléfono por culpa de esta filtración.
La base de datos ya no está accesible, después de que la empresa de hosting propietaria del servidor haya decidido cerrarlo. Por lo tanto, queda la gran duda de quién consiguió esos datos, cuándo creó esta base de datos y cuál era su objetivo, algo que por ahora, es un misterio.
Lo que si sabemos es que es muy probable que exista una copia, probablemente más, de esta base de datos.
https://www.elespanol.com/omicrono/20190905/numeros-telefono-millones-usuarios-facebook-vista/426957547_0.html
#facebook #privacidad #filtracion #datos
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
Cientos de millones de usuarios se han visto afectados por el último gran fallo de privacidad de Facebook, que ha permitido que una base de datos con números de teléfono se mantenga en un servidor externo.
La existencia de la base de datos ha sido revelada por Techcrunch, que pudo entrar en el servidor sin problemas porque no tenía ningún tipo de protección, ni siquiera por una contraseña; eso significa que cualquiera podría haber encontrado esta base de datos y acceder a su información sin ningún límite.
Cada registro de la base de datos estaba compuesto por el Facebook ID y el número de teléfono del usuario. El Facebook ID es un identificador compuesto de una larga ristra de números, que identifican a cada usuario de la red social. La base de datos tenía más de 419 millones de entradas.
✳️ Cientos de millones de teléfonos, al aire libre.
Con este número es fácil obtener datos como el nombre de usuario de la cuenta. Por lo tanto, alguien con acceso a esta base de datos podría asociar números de teléfono con personas concretas. Techcrunch pudo comprobar la veracidad de estos datos. Además, algunos de estos registros también tienen otra información personal, como el nombre, el género y el país.
Este es uno de los casos más graves protagonizados por Facebook que se recuerdan, y eso es decir mucho. Después de un 2018 protagonizado por el escándalo de Cambridge Analytica, el 2019 no ha sido mucho mejor.
Apenas hace unos meses que se reveló que empleados de Facebook guardaban las contraseñas de los usuarios sin cifrar; y hablando de números de teléfono, se descubrió que no los usaba sólo por seguridad, como afirmaba en un principio.
La gran diferencia del caso de hoy es que, en esta ocasión, esta base de datos no parece formar parte de los planes de Facebook. Todo indica a que alguien se ha dedicado a recopilar esta información de los perfiles; es un proceso llamado "web scraping", por el cual se usan algoritmos para almacenar el contenido de una página de manera automática.
✳️ El problema del scraping de Facebook.
La propia Facebook ha admitido que el scraping es un problema; por ejemplo, cuando una startup consiguió rastrear a usuarios de Instagram usando este método. Todo indica que esta nueva base de datos ha sido creada de esta manera.
Antes, los números de teléfono eran más fácilmente accesibles en Facebook; en abril de 2018, y en respuesta a las informaciones relacionadas con Cambridge Analytica, la compañía decidió limitar el acceso a esa información.
Por lo tanto, es muy probable que estos datos se hayan obtenido antes de esa fecha. Representantes de Facebook han confirmado esto.
El scraping es como el fantasma de las navidades pasadas para Facebook. Es el resultado de las laxas políticas de privacidad que la compañía tenía hasta no hace mucho. Ahora que se desvelan casos como este, representantes de Facebook son rápidos en aclarar que las políticas han cambiado y que ya no sería posible hacer algo como eso. Pero es poco consuelo para quien puede estar recibiendo spam o acoso por teléfono por culpa de esta filtración.
La base de datos ya no está accesible, después de que la empresa de hosting propietaria del servidor haya decidido cerrarlo. Por lo tanto, queda la gran duda de quién consiguió esos datos, cuándo creó esta base de datos y cuál era su objetivo, algo que por ahora, es un misterio.
Lo que si sabemos es que es muy probable que exista una copia, probablemente más, de esta base de datos.
https://www.elespanol.com/omicrono/20190905/numeros-telefono-millones-usuarios-facebook-vista/426957547_0.html
#facebook #privacidad #filtracion #datos
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
El Español
Los números de teléfono de 420 millones de usuarios de Facebook, a la vista de cualquiera - EL ESPAÑOL
La base de datos estaba en un servidor sin protección.
Incluía información que asociaba los números con cada usuario.
Facebook también guardó contraseñas sin protección.
Incluía información que asociaba los números con cada usuario.
Facebook también guardó contraseñas sin protección.
Media is too big
VIEW IN TELEGRAM
When is the News Not the News?
So when is the news not the news? When it’s simply ignored by the mockingbird media, of course. Join James for today’s exploration of yet another tool in the propagandists’ toolbox in this week’s edition of #PropagandaWatch.
📺 https://www.corbettreport.com/when-is-the-news-not-the-news-propagandawatch/
#PropagandaWatch #Corbettreport #video #podcast
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
So when is the news not the news? When it’s simply ignored by the mockingbird media, of course. Join James for today’s exploration of yet another tool in the propagandists’ toolbox in this week’s edition of #PropagandaWatch.
📺 https://www.corbettreport.com/when-is-the-news-not-the-news-propagandawatch/
#PropagandaWatch #Corbettreport #video #podcast
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
Facebook Is Giving Advertisers Access to Your Shadow Contact Information
Last week, I ran an ad on Facebook that was targeted at a computer science professor named Alan Mislove. Mislove studies how privacy works on social networks and had a theory that Facebook is letting advertisers reach users with contact information collected in surprising ways. I was helping him test the theory by targeting him in a way Facebook had previously told me wouldn’t work. I directed the ad to display to a Facebook account connected to the landline number for Alan Mislove’s office, a number Mislove has never provided to Facebook. He saw the ad within hours.
One of the many ways that ads get in front of your eyeballs on Facebook and Instagram is that the social networking giant lets an advertiser upload a list of phone numbers or email addresses it has on file; it will then put an ad in front of accounts associated with that contact information. A clothing retailer can put an ad for a dress in the Instagram feeds of women who have purchased from them before, a politician can place Facebook ads in front of anyone on his mailing list, or a casino can offer deals to the email addresses of people suspected of having a gambling addiction. Facebook calls this a “custom audience.”
You might assume that you could go to your Facebook profile and look at your “contact and basic info” page to see what email addresses and phone numbers are associated with your account, and thus what advertisers can use to target you. But as is so often the case with this highly efficient data-miner posing as a way to keep in contact with your friends, it’s going about it in a less transparent and more invasive way.
Facebook is not content to use the contact information you willingly put into your Facebook profile for advertising. It is also using contact information you handed over for security purposes and contact information you didn’t hand over at all, but that was collected from other people’s contact books, a hidden layer of details Facebook has about you that I’ve come to call “shadow contact information.” I managed to place an ad in front of Alan Mislove by targeting his shadow profile. This means that the junk email address that you hand over for discounts or for shady online shopping is likely associated with your account and being used to target you with ads.
Facebook is not upfront about this practice. In fact, when I asked its PR team last year whether it was using shadow contact information for ads, they denied it. Luckily for those of us obsessed with the uncannily accurate nature of ads on Facebook platforms, a group of academic researchers decided to do a deep dive into how Facebook custom audiences work to find out how users’ phone numbers and email addresses get sucked into the advertising ecosystem.
Giridhari Venkatadri, Piotr Sapiezynski, and Alan Mislove of Northeastern University, along with Elena Lucherini of Princeton University, did a series of tests that involved handing contact information over to Facebook for a group of test accounts in different ways and then seeing whether that information could be used by an advertiser. They came up with a novel way to detect whether that information became available to advertisers by looking at the stats provided by Facebook about the size of an audience after contact information is uploaded. They go into this in greater length and technical detail in their paper.
👉🏼 PDF:
https://mislove.org/publications/PII-PETS.pdf
Read more:
https://gizmodo.com/facebook-is-giving-advertisers-access-to-your-shadow-co-1828476051
#DeleteFacebook #Facebook #targeting #advertising #datamining #pdf #why
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
Last week, I ran an ad on Facebook that was targeted at a computer science professor named Alan Mislove. Mislove studies how privacy works on social networks and had a theory that Facebook is letting advertisers reach users with contact information collected in surprising ways. I was helping him test the theory by targeting him in a way Facebook had previously told me wouldn’t work. I directed the ad to display to a Facebook account connected to the landline number for Alan Mislove’s office, a number Mislove has never provided to Facebook. He saw the ad within hours.
One of the many ways that ads get in front of your eyeballs on Facebook and Instagram is that the social networking giant lets an advertiser upload a list of phone numbers or email addresses it has on file; it will then put an ad in front of accounts associated with that contact information. A clothing retailer can put an ad for a dress in the Instagram feeds of women who have purchased from them before, a politician can place Facebook ads in front of anyone on his mailing list, or a casino can offer deals to the email addresses of people suspected of having a gambling addiction. Facebook calls this a “custom audience.”
You might assume that you could go to your Facebook profile and look at your “contact and basic info” page to see what email addresses and phone numbers are associated with your account, and thus what advertisers can use to target you. But as is so often the case with this highly efficient data-miner posing as a way to keep in contact with your friends, it’s going about it in a less transparent and more invasive way.
Facebook is not content to use the contact information you willingly put into your Facebook profile for advertising. It is also using contact information you handed over for security purposes and contact information you didn’t hand over at all, but that was collected from other people’s contact books, a hidden layer of details Facebook has about you that I’ve come to call “shadow contact information.” I managed to place an ad in front of Alan Mislove by targeting his shadow profile. This means that the junk email address that you hand over for discounts or for shady online shopping is likely associated with your account and being used to target you with ads.
Facebook is not upfront about this practice. In fact, when I asked its PR team last year whether it was using shadow contact information for ads, they denied it. Luckily for those of us obsessed with the uncannily accurate nature of ads on Facebook platforms, a group of academic researchers decided to do a deep dive into how Facebook custom audiences work to find out how users’ phone numbers and email addresses get sucked into the advertising ecosystem.
Giridhari Venkatadri, Piotr Sapiezynski, and Alan Mislove of Northeastern University, along with Elena Lucherini of Princeton University, did a series of tests that involved handing contact information over to Facebook for a group of test accounts in different ways and then seeing whether that information could be used by an advertiser. They came up with a novel way to detect whether that information became available to advertisers by looking at the stats provided by Facebook about the size of an audience after contact information is uploaded. They go into this in greater length and technical detail in their paper.
👉🏼 PDF:
https://mislove.org/publications/PII-PETS.pdf
Read more:
https://gizmodo.com/facebook-is-giving-advertisers-access-to-your-shadow-co-1828476051
#DeleteFacebook #Facebook #targeting #advertising #datamining #pdf #why
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
Media is too big
VIEW IN TELEGRAM
Introduction to (home) network security.
A beginner-friendly guide to network segmentation for privacy and security in the age of the Internet of Insecure Things.
Typical home networks use a closed-source Internet Service Provider supplied router/firewall and contain no restrictions on communications between clients within the network. The widespread deployment of network-connected appliances, control systems, lighting, etc, means that this design is insecure. This talk will cover the basics of networking, including why and how segregation of different types of network clients and traffic can be achieved to increase privacy and security.
📺 https://media.ccc.de/v/Camp2019-10225-introduction_to_home_network_security
#ChaosCommunicationCamp #CCCamp19 #CCC #network #security #video #podcast
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
A beginner-friendly guide to network segmentation for privacy and security in the age of the Internet of Insecure Things.
Typical home networks use a closed-source Internet Service Provider supplied router/firewall and contain no restrictions on communications between clients within the network. The widespread deployment of network-connected appliances, control systems, lighting, etc, means that this design is insecure. This talk will cover the basics of networking, including why and how segregation of different types of network clients and traffic can be achieved to increase privacy and security.
📺 https://media.ccc.de/v/Camp2019-10225-introduction_to_home_network_security
#ChaosCommunicationCamp #CCCamp19 #CCC #network #security #video #podcast
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
Audio
Privacy or Profit - Why Not Both?
Every day, #OurData hits the market when we sign #online. It’s for sale, and we’re left to wonder if tech companies will ever choose to protect our privacy rather than reap large profits with our information. But, is the choice — profit or privacy — a false dilemma? Meet the people who have built profitable tech businesses while also respecting your #privacy. Fact check if #Facebook and #Google have really found religion in privacy. And, imagine a world where you could actually get paid to share your data.
📻 https://irlpodcast.org/
#IRL #podcast
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
Every day, #OurData hits the market when we sign #online. It’s for sale, and we’re left to wonder if tech companies will ever choose to protect our privacy rather than reap large profits with our information. But, is the choice — profit or privacy — a false dilemma? Meet the people who have built profitable tech businesses while also respecting your #privacy. Fact check if #Facebook and #Google have really found religion in privacy. And, imagine a world where you could actually get paid to share your data.
📻 https://irlpodcast.org/
#IRL #podcast
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
Spyware company leaves private customer data on the internet
A manufacturer of consumer spyware marketed to parents and partners has published incredibly intimate user data on a server freely accessible over the Internet. Freely available for all to see and hear: photos of children, school report cards, call recordings. The companies responsible for the stalkerware are largely indifferent to what happens with the data.
A child, maybe six or seven, picks his nose with both fingers and makes silly faces for the camera. In the next picture he is eating a banana. Then we see a photo of a school report card, picture taken from a computer screen. It shows the child’s full name and the current grades in English and biology.
What looks like the digital photo album of a normal family has been freely available on the internet for more than a year – without the knowledge of the people concerned. A company that sells stalkerware – software for the secret surveillance of children and partners – has published these pictures and hundreds of intimate call recordings on the internet.
The photos not only show the child and his parents, their apartment, their bedroom, but also connect these to personal data such as names, e-mail addresses or medication prescriptions. The data has been on a server since April 2018 – without a password or other protection, freely available ot anyone with an internet connection.
For people „who are tired of being lied to“
Responsible for this privacy disaster is a company called Spyapp247. It sells an app that allows you to spy on what another person is doing on their phone. The Android app records phone calls, chat messages, browser history, photos, allows access to the address book and tracks location data – without the affected person noticing. According to the manufacturer, even the microphone can be switched on remotely: The telephone becomes a bug.
Spyapp247 markets the app on its website to people „who are tired of being lied to and cheated on,“ meaning: who want to spy on a partner. Civil rights organizations therefore call such apps stalkerware. But the company also advertises its apps as a tool for cautious parents to recognize „dangers to your children before they ever happen.“
Spyware manufacturer not reacting
It is hard to tell who installed the app in this case, and for what purpose, but it is likely that the data was obtained without the consent of the person targeted. In order to install the app, a person must have physical access to the device for at least a few minutes. Once the app is on the phone, it can collect all kinds of information in the background. The data is uploaded to a server and presented to the operator in a browser window.
👉🏼 Read more:
https://netzpolitik.org/2019/spyware-company-leaves-private-customer-data-on-the-internet/
#spyware #Spyapp247 #stalkerware #dataprotection #dataleak #userdata #surveillance #why
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
A manufacturer of consumer spyware marketed to parents and partners has published incredibly intimate user data on a server freely accessible over the Internet. Freely available for all to see and hear: photos of children, school report cards, call recordings. The companies responsible for the stalkerware are largely indifferent to what happens with the data.
A child, maybe six or seven, picks his nose with both fingers and makes silly faces for the camera. In the next picture he is eating a banana. Then we see a photo of a school report card, picture taken from a computer screen. It shows the child’s full name and the current grades in English and biology.
What looks like the digital photo album of a normal family has been freely available on the internet for more than a year – without the knowledge of the people concerned. A company that sells stalkerware – software for the secret surveillance of children and partners – has published these pictures and hundreds of intimate call recordings on the internet.
The photos not only show the child and his parents, their apartment, their bedroom, but also connect these to personal data such as names, e-mail addresses or medication prescriptions. The data has been on a server since April 2018 – without a password or other protection, freely available ot anyone with an internet connection.
For people „who are tired of being lied to“
Responsible for this privacy disaster is a company called Spyapp247. It sells an app that allows you to spy on what another person is doing on their phone. The Android app records phone calls, chat messages, browser history, photos, allows access to the address book and tracks location data – without the affected person noticing. According to the manufacturer, even the microphone can be switched on remotely: The telephone becomes a bug.
Spyapp247 markets the app on its website to people „who are tired of being lied to and cheated on,“ meaning: who want to spy on a partner. Civil rights organizations therefore call such apps stalkerware. But the company also advertises its apps as a tool for cautious parents to recognize „dangers to your children before they ever happen.“
Spyware manufacturer not reacting
It is hard to tell who installed the app in this case, and for what purpose, but it is likely that the data was obtained without the consent of the person targeted. In order to install the app, a person must have physical access to the device for at least a few minutes. Once the app is on the phone, it can collect all kinds of information in the background. The data is uploaded to a server and presented to the operator in a browser window.
👉🏼 Read more:
https://netzpolitik.org/2019/spyware-company-leaves-private-customer-data-on-the-internet/
#spyware #Spyapp247 #stalkerware #dataprotection #dataleak #userdata #surveillance #why
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
uninformed-consent_Yl7FPEh.pdf
845.7 KB
Data protectors consider most cookie banners illegal
Only very few cookie banners comply with the provisions of the DSGVO, as a study has shown. However, the data protection authorities are still reluctant to impose sanctions.
Studying GDPR Consent Notices in theField
👉🏼 🇬🇧 PDF:
https://www.syssec.ruhr-uni-bochum.de/media/emma/veroeffentlichungen/2019/09/05/uninformed-consent_Yl7FPEh.pdf
https://www.golem.de/news/manipulierte-zustimmung-die-meisten-cookie-banner-sind-illegal-1909-143773.html
#gdpr #study #cookie #pdf
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
Only very few cookie banners comply with the provisions of the DSGVO, as a study has shown. However, the data protection authorities are still reluctant to impose sanctions.
Studying GDPR Consent Notices in theField
👉🏼 🇬🇧 PDF:
https://www.syssec.ruhr-uni-bochum.de/media/emma/veroeffentlichungen/2019/09/05/uninformed-consent_Yl7FPEh.pdf
https://www.golem.de/news/manipulierte-zustimmung-die-meisten-cookie-banner-sind-illegal-1909-143773.html
#gdpr #study #cookie #pdf
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
This media is not supported in your browser
VIEW IN TELEGRAM
The remix story behind Hong Kong's new protest anthem
Hong Kong’s protestors want greater autonomy from mainland China, a grievance they’re expressing through a song some are calling their new “national anthem.”
👉🏼 Read more:
https://time.com/5672018/glory-to-hong-kong-protests-national-anthem/
📺 With english subs:
https://www.youtube.com/watch?v=y7yRDOLCy4Y
📺 Orchestral version:
https://www.youtube.com/watch?v=oUIDL4SB60g
#FreeHongKong #video #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
Hong Kong’s protestors want greater autonomy from mainland China, a grievance they’re expressing through a song some are calling their new “national anthem.”
👉🏼 Read more:
https://time.com/5672018/glory-to-hong-kong-protests-national-anthem/
📺 With english subs:
https://www.youtube.com/watch?v=y7yRDOLCy4Y
📺 Orchestral version:
https://www.youtube.com/watch?v=oUIDL4SB60g
#FreeHongKong #video #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
Media is too big
VIEW IN TELEGRAM
The creep in your pocket
Mobile spyware/stalkerware services offer common users to spy on mobile devices of people close to them, such as their children or spouses. This talk presents different types of these services and touches their social impact.
The talk focuses on #android and #iOS #spyware that do not require rooting or jailbreaking the victim's device. During the talk I will also show how Android spyware #apps misuse Android OS features to spy on
victims and hide themselves on their devices. Additionally, I will discuss the legal side of these services, as well as their social impact, such as domestic violence.
📺 https://media.ccc.de/v/2019-214-the-creep-in-your-pocket
#video #mrmcd19 #CCC
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
Mobile spyware/stalkerware services offer common users to spy on mobile devices of people close to them, such as their children or spouses. This talk presents different types of these services and touches their social impact.
The talk focuses on #android and #iOS #spyware that do not require rooting or jailbreaking the victim's device. During the talk I will also show how Android spyware #apps misuse Android OS features to spy on
victims and hide themselves on their devices. Additionally, I will discuss the legal side of these services, as well as their social impact, such as domestic violence.
📺 https://media.ccc.de/v/2019-214-the-creep-in-your-pocket
#video #mrmcd19 #CCC
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN