Phone numbers of 420 million Facebook users discovered on the net
Facebook had already admitted last year that the function to search for friends by telephone number was misused for data tapping. Now a database with entries for hundreds of millions of users has been discovered on the Internet.
Phone numbers of around 420 million Facebook users were openly accessible on the Internet. The database seems to have been compiled through the misuse of a function to search for friends by telephone number. Facebook declared on Wednesday that it was old data. They were probably collected before the online network last year switched off the possibility of finding acquaintances with the help of their telephone number. Facebook had no evidence that accounts had been hacked.
An IT security researcher discovered the file with the telephone numbers and the corresponding Facebook identification number and pointed this out to the technology blog "TechCrunch". It had been accessible unencrypted and had since been removed. It is unclear who created and uploaded the list for what purpose. Among the telephone numbers were 133 million Facebook users from the USA - as well as 13 million from Great Britain and more than 50 million from Vietnam. In some cases, it also contained information about users' names and sex.
Criminals could hijack profiles
The danger with such data is that online criminals could use it to reset account passwords and hijack profiles.
Facebook had already admitted in April 2018 that the search for phone numbers by friends was being misused to tap data and turned it off. Although the phone numbers were not openly visible, they could possibly be retrieved on a large scale via automated queries - so-called "scraping". This violated the Facebook rules, but was technically possible. Facebook is also struggling with the scraping of publicly accessible profile data on the Instagram photo platform.
https://techcrunch.com/2019/09/04/facebook-phone-numbers-exposed/
https://t3n.de/news/telefonnummern-420-millionen-netz-1194823/
#DeleteFacebook #dataleak #userdata #privacy #phonenumbers
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
Facebook had already admitted last year that the function to search for friends by telephone number was misused for data tapping. Now a database with entries for hundreds of millions of users has been discovered on the Internet.
Phone numbers of around 420 million Facebook users were openly accessible on the Internet. The database seems to have been compiled through the misuse of a function to search for friends by telephone number. Facebook declared on Wednesday that it was old data. They were probably collected before the online network last year switched off the possibility of finding acquaintances with the help of their telephone number. Facebook had no evidence that accounts had been hacked.
An IT security researcher discovered the file with the telephone numbers and the corresponding Facebook identification number and pointed this out to the technology blog "TechCrunch". It had been accessible unencrypted and had since been removed. It is unclear who created and uploaded the list for what purpose. Among the telephone numbers were 133 million Facebook users from the USA - as well as 13 million from Great Britain and more than 50 million from Vietnam. In some cases, it also contained information about users' names and sex.
Criminals could hijack profiles
The danger with such data is that online criminals could use it to reset account passwords and hijack profiles.
Facebook had already admitted in April 2018 that the search for phone numbers by friends was being misused to tap data and turned it off. Although the phone numbers were not openly visible, they could possibly be retrieved on a large scale via automated queries - so-called "scraping". This violated the Facebook rules, but was technically possible. Facebook is also struggling with the scraping of publicly accessible profile data on the Instagram photo platform.
https://techcrunch.com/2019/09/04/facebook-phone-numbers-exposed/
https://t3n.de/news/telefonnummern-420-millionen-netz-1194823/
#DeleteFacebook #dataleak #userdata #privacy #phonenumbers
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
MetaX Worked With Hundreds of People to Visit Global Publishers’ Sites to Reverse Engineer Google’s Cookie_Push GDPR Workaround (aka ‘Push Pages’) & the OpenX Push Page Workaround
MetaX is proud to provide additional important context to the research released today from Brave and featured in the Financial Times, focusing on a GDPR workaround built by Google known as “cookie_push” (aka “Push Pages”). Our intention is not to single any one company out, but rather inform the community on these ongoing data issues.
The data released by Brave and reported in the Financial Times article showed that Google deployed a new data syncing architecture prior to GDPR – the details released by Brave include numerous written explanations of the process, and also a chart showing the cookie data flow that our team helped with. https://www.ft.com/content/e3e1697e-ce57-11e9-99a4-b5ded7a7fe3f
💡 How Google’s RTB and Push Pages allow hundreds of DSPs to tie their tracking profiles about people together (View the full chart)
https://brave.com/wp-content/uploads/sequence.pdf
https://metax.io/metax-report-google-workaround-openx-workaround/
#Google #Brave #DeleteGoogle #tracking #rtb #dsp #GDPR #advertisers #advertising #pdf #why
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
MetaX is proud to provide additional important context to the research released today from Brave and featured in the Financial Times, focusing on a GDPR workaround built by Google known as “cookie_push” (aka “Push Pages”). Our intention is not to single any one company out, but rather inform the community on these ongoing data issues.
The data released by Brave and reported in the Financial Times article showed that Google deployed a new data syncing architecture prior to GDPR – the details released by Brave include numerous written explanations of the process, and also a chart showing the cookie data flow that our team helped with. https://www.ft.com/content/e3e1697e-ce57-11e9-99a4-b5ded7a7fe3f
💡 How Google’s RTB and Push Pages allow hundreds of DSPs to tie their tracking profiles about people together (View the full chart)
https://brave.com/wp-content/uploads/sequence.pdf
https://metax.io/metax-report-google-workaround-openx-workaround/
#Google #Brave #DeleteGoogle #tracking #rtb #dsp #GDPR #advertisers #advertising #pdf #why
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
We filed a criminal complaint: Prosecutor launches investigation into FinFisher for illegal export of state spyware
The state spyware FinFisher is developed in Munich and sold all over the world. The company needs approval for exports, but the German government has never granted that. Together with other NGOs, we have filed a criminal complaint. Customs is investigating, the crime is punishable by prison sentence up to five years.
Bahrain, Egypt, Ethiopia: Dictatorships around the world rely on surveillance technology „made in Germany“. The state spyware FinFisher or FinSpy is developed in Munich and sold to police and secret services in dozens of countries, including the German Federal Police.
To export such malware, FinFisher needs a license in accord with German and European law. However, the German Government has never issued one. Export without a license is a criminal offense. Thus we have filed a criminal complaint against the responsible companies and their managing directors.
Together with the Society for Civil Rights, Reporters without Borders and the European Center for Constitutional and Human Rights, we wrote a 21-page criminal complaint and an eight-page technical appendix, which we submitted to the public prosecutor’s office in Munich on July 5. Now they are investigating.
Our accusations are being taken seriously: The case was escalated directly to the Federal Customs Criminal Investigation Office, which is responsible for violations of the Foreign Trade and Payments Act.
From Munich via Turkey to prison?
Our principle case is Turkey. After the 2016 coup d’état attempt, the Turkish government arrested more than 77,000 people, including 34 journalists. A broad coalition of civil resistance organized against this repression, including the 2017 March for Justice.
During that time, a website „Walk for justice“ appeared, which offered an Android app to help organize the protest movement. This website was advertised on social media. But the app, which is still available today, is a camouflaged state spyware. After installation, it takes complete control of the device, monitors communication and extracts data.
In a detailed technical analysis and a technical appendix we prove that this Turkish state spyware is the German product FinFisher/FinSpy. We then analyze the company structure of FinFisher and suspicious individuals.
We are certain: FinFisher is developed in Munich and FinFisher was sold to Turkey without permission. That is a crime, punishable by a prison sentence up to five years. We hope that the authorities investigate extensively and confirm our accusations.
Until then, German authorities should stop using tools for dictators themselves and stop subsidizing such companies with taxpayers‘ money.
The legal documents are available in English as PDF and in German as HTML.
👉🏼 PDF:
https://cdn.netzpolitik.org/wp-upload/2019/09/2019-07-05_FinFisher_Criminal-Complaint_ENG.pdf
https://netzpolitik.org/2019/we-filed-a-criminal-complaint-prosecutor-launches-investigation-into-finfisher-for-illegal-export-of-state-spyware/
#FinFisher #FinSpy #spyware #CriminalComplaint #investigation #crime #StateTrojan #pdf
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
The state spyware FinFisher is developed in Munich and sold all over the world. The company needs approval for exports, but the German government has never granted that. Together with other NGOs, we have filed a criminal complaint. Customs is investigating, the crime is punishable by prison sentence up to five years.
Bahrain, Egypt, Ethiopia: Dictatorships around the world rely on surveillance technology „made in Germany“. The state spyware FinFisher or FinSpy is developed in Munich and sold to police and secret services in dozens of countries, including the German Federal Police.
To export such malware, FinFisher needs a license in accord with German and European law. However, the German Government has never issued one. Export without a license is a criminal offense. Thus we have filed a criminal complaint against the responsible companies and their managing directors.
Together with the Society for Civil Rights, Reporters without Borders and the European Center for Constitutional and Human Rights, we wrote a 21-page criminal complaint and an eight-page technical appendix, which we submitted to the public prosecutor’s office in Munich on July 5. Now they are investigating.
Our accusations are being taken seriously: The case was escalated directly to the Federal Customs Criminal Investigation Office, which is responsible for violations of the Foreign Trade and Payments Act.
From Munich via Turkey to prison?
Our principle case is Turkey. After the 2016 coup d’état attempt, the Turkish government arrested more than 77,000 people, including 34 journalists. A broad coalition of civil resistance organized against this repression, including the 2017 March for Justice.
During that time, a website „Walk for justice“ appeared, which offered an Android app to help organize the protest movement. This website was advertised on social media. But the app, which is still available today, is a camouflaged state spyware. After installation, it takes complete control of the device, monitors communication and extracts data.
In a detailed technical analysis and a technical appendix we prove that this Turkish state spyware is the German product FinFisher/FinSpy. We then analyze the company structure of FinFisher and suspicious individuals.
We are certain: FinFisher is developed in Munich and FinFisher was sold to Turkey without permission. That is a crime, punishable by a prison sentence up to five years. We hope that the authorities investigate extensively and confirm our accusations.
Until then, German authorities should stop using tools for dictators themselves and stop subsidizing such companies with taxpayers‘ money.
The legal documents are available in English as PDF and in German as HTML.
👉🏼 PDF:
https://cdn.netzpolitik.org/wp-upload/2019/09/2019-07-05_FinFisher_Criminal-Complaint_ENG.pdf
https://netzpolitik.org/2019/we-filed-a-criminal-complaint-prosecutor-launches-investigation-into-finfisher-for-illegal-export-of-state-spyware/
#FinFisher #FinSpy #spyware #CriminalComplaint #investigation #crime #StateTrojan #pdf
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
🇪🇸 Los números de teléfono de 420 millones de usuarios de Facebook, a la vista de cualquiera.
Cientos de millones de usuarios se han visto afectados por el último gran fallo de privacidad de Facebook, que ha permitido que una base de datos con números de teléfono se mantenga en un servidor externo.
La existencia de la base de datos ha sido revelada por Techcrunch, que pudo entrar en el servidor sin problemas porque no tenía ningún tipo de protección, ni siquiera por una contraseña; eso significa que cualquiera podría haber encontrado esta base de datos y acceder a su información sin ningún límite.
Cada registro de la base de datos estaba compuesto por el Facebook ID y el número de teléfono del usuario. El Facebook ID es un identificador compuesto de una larga ristra de números, que identifican a cada usuario de la red social. La base de datos tenía más de 419 millones de entradas.
✳️ Cientos de millones de teléfonos, al aire libre.
Con este número es fácil obtener datos como el nombre de usuario de la cuenta. Por lo tanto, alguien con acceso a esta base de datos podría asociar números de teléfono con personas concretas. Techcrunch pudo comprobar la veracidad de estos datos. Además, algunos de estos registros también tienen otra información personal, como el nombre, el género y el país.
Este es uno de los casos más graves protagonizados por Facebook que se recuerdan, y eso es decir mucho. Después de un 2018 protagonizado por el escándalo de Cambridge Analytica, el 2019 no ha sido mucho mejor.
Apenas hace unos meses que se reveló que empleados de Facebook guardaban las contraseñas de los usuarios sin cifrar; y hablando de números de teléfono, se descubrió que no los usaba sólo por seguridad, como afirmaba en un principio.
La gran diferencia del caso de hoy es que, en esta ocasión, esta base de datos no parece formar parte de los planes de Facebook. Todo indica a que alguien se ha dedicado a recopilar esta información de los perfiles; es un proceso llamado "web scraping", por el cual se usan algoritmos para almacenar el contenido de una página de manera automática.
✳️ El problema del scraping de Facebook.
La propia Facebook ha admitido que el scraping es un problema; por ejemplo, cuando una startup consiguió rastrear a usuarios de Instagram usando este método. Todo indica que esta nueva base de datos ha sido creada de esta manera.
Antes, los números de teléfono eran más fácilmente accesibles en Facebook; en abril de 2018, y en respuesta a las informaciones relacionadas con Cambridge Analytica, la compañía decidió limitar el acceso a esa información.
Por lo tanto, es muy probable que estos datos se hayan obtenido antes de esa fecha. Representantes de Facebook han confirmado esto.
El scraping es como el fantasma de las navidades pasadas para Facebook. Es el resultado de las laxas políticas de privacidad que la compañía tenía hasta no hace mucho. Ahora que se desvelan casos como este, representantes de Facebook son rápidos en aclarar que las políticas han cambiado y que ya no sería posible hacer algo como eso. Pero es poco consuelo para quien puede estar recibiendo spam o acoso por teléfono por culpa de esta filtración.
La base de datos ya no está accesible, después de que la empresa de hosting propietaria del servidor haya decidido cerrarlo. Por lo tanto, queda la gran duda de quién consiguió esos datos, cuándo creó esta base de datos y cuál era su objetivo, algo que por ahora, es un misterio.
Lo que si sabemos es que es muy probable que exista una copia, probablemente más, de esta base de datos.
https://www.elespanol.com/omicrono/20190905/numeros-telefono-millones-usuarios-facebook-vista/426957547_0.html
#facebook #privacidad #filtracion #datos
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
Cientos de millones de usuarios se han visto afectados por el último gran fallo de privacidad de Facebook, que ha permitido que una base de datos con números de teléfono se mantenga en un servidor externo.
La existencia de la base de datos ha sido revelada por Techcrunch, que pudo entrar en el servidor sin problemas porque no tenía ningún tipo de protección, ni siquiera por una contraseña; eso significa que cualquiera podría haber encontrado esta base de datos y acceder a su información sin ningún límite.
Cada registro de la base de datos estaba compuesto por el Facebook ID y el número de teléfono del usuario. El Facebook ID es un identificador compuesto de una larga ristra de números, que identifican a cada usuario de la red social. La base de datos tenía más de 419 millones de entradas.
✳️ Cientos de millones de teléfonos, al aire libre.
Con este número es fácil obtener datos como el nombre de usuario de la cuenta. Por lo tanto, alguien con acceso a esta base de datos podría asociar números de teléfono con personas concretas. Techcrunch pudo comprobar la veracidad de estos datos. Además, algunos de estos registros también tienen otra información personal, como el nombre, el género y el país.
Este es uno de los casos más graves protagonizados por Facebook que se recuerdan, y eso es decir mucho. Después de un 2018 protagonizado por el escándalo de Cambridge Analytica, el 2019 no ha sido mucho mejor.
Apenas hace unos meses que se reveló que empleados de Facebook guardaban las contraseñas de los usuarios sin cifrar; y hablando de números de teléfono, se descubrió que no los usaba sólo por seguridad, como afirmaba en un principio.
La gran diferencia del caso de hoy es que, en esta ocasión, esta base de datos no parece formar parte de los planes de Facebook. Todo indica a que alguien se ha dedicado a recopilar esta información de los perfiles; es un proceso llamado "web scraping", por el cual se usan algoritmos para almacenar el contenido de una página de manera automática.
✳️ El problema del scraping de Facebook.
La propia Facebook ha admitido que el scraping es un problema; por ejemplo, cuando una startup consiguió rastrear a usuarios de Instagram usando este método. Todo indica que esta nueva base de datos ha sido creada de esta manera.
Antes, los números de teléfono eran más fácilmente accesibles en Facebook; en abril de 2018, y en respuesta a las informaciones relacionadas con Cambridge Analytica, la compañía decidió limitar el acceso a esa información.
Por lo tanto, es muy probable que estos datos se hayan obtenido antes de esa fecha. Representantes de Facebook han confirmado esto.
El scraping es como el fantasma de las navidades pasadas para Facebook. Es el resultado de las laxas políticas de privacidad que la compañía tenía hasta no hace mucho. Ahora que se desvelan casos como este, representantes de Facebook son rápidos en aclarar que las políticas han cambiado y que ya no sería posible hacer algo como eso. Pero es poco consuelo para quien puede estar recibiendo spam o acoso por teléfono por culpa de esta filtración.
La base de datos ya no está accesible, después de que la empresa de hosting propietaria del servidor haya decidido cerrarlo. Por lo tanto, queda la gran duda de quién consiguió esos datos, cuándo creó esta base de datos y cuál era su objetivo, algo que por ahora, es un misterio.
Lo que si sabemos es que es muy probable que exista una copia, probablemente más, de esta base de datos.
https://www.elespanol.com/omicrono/20190905/numeros-telefono-millones-usuarios-facebook-vista/426957547_0.html
#facebook #privacidad #filtracion #datos
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
El Español
Los números de teléfono de 420 millones de usuarios de Facebook, a la vista de cualquiera - EL ESPAÑOL
La base de datos estaba en un servidor sin protección.
Incluía información que asociaba los números con cada usuario.
Facebook también guardó contraseñas sin protección.
Incluía información que asociaba los números con cada usuario.
Facebook también guardó contraseñas sin protección.
Media is too big
VIEW IN TELEGRAM
When is the News Not the News?
So when is the news not the news? When it’s simply ignored by the mockingbird media, of course. Join James for today’s exploration of yet another tool in the propagandists’ toolbox in this week’s edition of #PropagandaWatch.
📺 https://www.corbettreport.com/when-is-the-news-not-the-news-propagandawatch/
#PropagandaWatch #Corbettreport #video #podcast
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
So when is the news not the news? When it’s simply ignored by the mockingbird media, of course. Join James for today’s exploration of yet another tool in the propagandists’ toolbox in this week’s edition of #PropagandaWatch.
📺 https://www.corbettreport.com/when-is-the-news-not-the-news-propagandawatch/
#PropagandaWatch #Corbettreport #video #podcast
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
Facebook Is Giving Advertisers Access to Your Shadow Contact Information
Last week, I ran an ad on Facebook that was targeted at a computer science professor named Alan Mislove. Mislove studies how privacy works on social networks and had a theory that Facebook is letting advertisers reach users with contact information collected in surprising ways. I was helping him test the theory by targeting him in a way Facebook had previously told me wouldn’t work. I directed the ad to display to a Facebook account connected to the landline number for Alan Mislove’s office, a number Mislove has never provided to Facebook. He saw the ad within hours.
One of the many ways that ads get in front of your eyeballs on Facebook and Instagram is that the social networking giant lets an advertiser upload a list of phone numbers or email addresses it has on file; it will then put an ad in front of accounts associated with that contact information. A clothing retailer can put an ad for a dress in the Instagram feeds of women who have purchased from them before, a politician can place Facebook ads in front of anyone on his mailing list, or a casino can offer deals to the email addresses of people suspected of having a gambling addiction. Facebook calls this a “custom audience.”
You might assume that you could go to your Facebook profile and look at your “contact and basic info” page to see what email addresses and phone numbers are associated with your account, and thus what advertisers can use to target you. But as is so often the case with this highly efficient data-miner posing as a way to keep in contact with your friends, it’s going about it in a less transparent and more invasive way.
Facebook is not content to use the contact information you willingly put into your Facebook profile for advertising. It is also using contact information you handed over for security purposes and contact information you didn’t hand over at all, but that was collected from other people’s contact books, a hidden layer of details Facebook has about you that I’ve come to call “shadow contact information.” I managed to place an ad in front of Alan Mislove by targeting his shadow profile. This means that the junk email address that you hand over for discounts or for shady online shopping is likely associated with your account and being used to target you with ads.
Facebook is not upfront about this practice. In fact, when I asked its PR team last year whether it was using shadow contact information for ads, they denied it. Luckily for those of us obsessed with the uncannily accurate nature of ads on Facebook platforms, a group of academic researchers decided to do a deep dive into how Facebook custom audiences work to find out how users’ phone numbers and email addresses get sucked into the advertising ecosystem.
Giridhari Venkatadri, Piotr Sapiezynski, and Alan Mislove of Northeastern University, along with Elena Lucherini of Princeton University, did a series of tests that involved handing contact information over to Facebook for a group of test accounts in different ways and then seeing whether that information could be used by an advertiser. They came up with a novel way to detect whether that information became available to advertisers by looking at the stats provided by Facebook about the size of an audience after contact information is uploaded. They go into this in greater length and technical detail in their paper.
👉🏼 PDF:
https://mislove.org/publications/PII-PETS.pdf
Read more:
https://gizmodo.com/facebook-is-giving-advertisers-access-to-your-shadow-co-1828476051
#DeleteFacebook #Facebook #targeting #advertising #datamining #pdf #why
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
Last week, I ran an ad on Facebook that was targeted at a computer science professor named Alan Mislove. Mislove studies how privacy works on social networks and had a theory that Facebook is letting advertisers reach users with contact information collected in surprising ways. I was helping him test the theory by targeting him in a way Facebook had previously told me wouldn’t work. I directed the ad to display to a Facebook account connected to the landline number for Alan Mislove’s office, a number Mislove has never provided to Facebook. He saw the ad within hours.
One of the many ways that ads get in front of your eyeballs on Facebook and Instagram is that the social networking giant lets an advertiser upload a list of phone numbers or email addresses it has on file; it will then put an ad in front of accounts associated with that contact information. A clothing retailer can put an ad for a dress in the Instagram feeds of women who have purchased from them before, a politician can place Facebook ads in front of anyone on his mailing list, or a casino can offer deals to the email addresses of people suspected of having a gambling addiction. Facebook calls this a “custom audience.”
You might assume that you could go to your Facebook profile and look at your “contact and basic info” page to see what email addresses and phone numbers are associated with your account, and thus what advertisers can use to target you. But as is so often the case with this highly efficient data-miner posing as a way to keep in contact with your friends, it’s going about it in a less transparent and more invasive way.
Facebook is not content to use the contact information you willingly put into your Facebook profile for advertising. It is also using contact information you handed over for security purposes and contact information you didn’t hand over at all, but that was collected from other people’s contact books, a hidden layer of details Facebook has about you that I’ve come to call “shadow contact information.” I managed to place an ad in front of Alan Mislove by targeting his shadow profile. This means that the junk email address that you hand over for discounts or for shady online shopping is likely associated with your account and being used to target you with ads.
Facebook is not upfront about this practice. In fact, when I asked its PR team last year whether it was using shadow contact information for ads, they denied it. Luckily for those of us obsessed with the uncannily accurate nature of ads on Facebook platforms, a group of academic researchers decided to do a deep dive into how Facebook custom audiences work to find out how users’ phone numbers and email addresses get sucked into the advertising ecosystem.
Giridhari Venkatadri, Piotr Sapiezynski, and Alan Mislove of Northeastern University, along with Elena Lucherini of Princeton University, did a series of tests that involved handing contact information over to Facebook for a group of test accounts in different ways and then seeing whether that information could be used by an advertiser. They came up with a novel way to detect whether that information became available to advertisers by looking at the stats provided by Facebook about the size of an audience after contact information is uploaded. They go into this in greater length and technical detail in their paper.
👉🏼 PDF:
https://mislove.org/publications/PII-PETS.pdf
Read more:
https://gizmodo.com/facebook-is-giving-advertisers-access-to-your-shadow-co-1828476051
#DeleteFacebook #Facebook #targeting #advertising #datamining #pdf #why
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
Media is too big
VIEW IN TELEGRAM
Introduction to (home) network security.
A beginner-friendly guide to network segmentation for privacy and security in the age of the Internet of Insecure Things.
Typical home networks use a closed-source Internet Service Provider supplied router/firewall and contain no restrictions on communications between clients within the network. The widespread deployment of network-connected appliances, control systems, lighting, etc, means that this design is insecure. This talk will cover the basics of networking, including why and how segregation of different types of network clients and traffic can be achieved to increase privacy and security.
📺 https://media.ccc.de/v/Camp2019-10225-introduction_to_home_network_security
#ChaosCommunicationCamp #CCCamp19 #CCC #network #security #video #podcast
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
A beginner-friendly guide to network segmentation for privacy and security in the age of the Internet of Insecure Things.
Typical home networks use a closed-source Internet Service Provider supplied router/firewall and contain no restrictions on communications between clients within the network. The widespread deployment of network-connected appliances, control systems, lighting, etc, means that this design is insecure. This talk will cover the basics of networking, including why and how segregation of different types of network clients and traffic can be achieved to increase privacy and security.
📺 https://media.ccc.de/v/Camp2019-10225-introduction_to_home_network_security
#ChaosCommunicationCamp #CCCamp19 #CCC #network #security #video #podcast
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
Audio
Privacy or Profit - Why Not Both?
Every day, #OurData hits the market when we sign #online. It’s for sale, and we’re left to wonder if tech companies will ever choose to protect our privacy rather than reap large profits with our information. But, is the choice — profit or privacy — a false dilemma? Meet the people who have built profitable tech businesses while also respecting your #privacy. Fact check if #Facebook and #Google have really found religion in privacy. And, imagine a world where you could actually get paid to share your data.
📻 https://irlpodcast.org/
#IRL #podcast
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
Every day, #OurData hits the market when we sign #online. It’s for sale, and we’re left to wonder if tech companies will ever choose to protect our privacy rather than reap large profits with our information. But, is the choice — profit or privacy — a false dilemma? Meet the people who have built profitable tech businesses while also respecting your #privacy. Fact check if #Facebook and #Google have really found religion in privacy. And, imagine a world where you could actually get paid to share your data.
📻 https://irlpodcast.org/
#IRL #podcast
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
Spyware company leaves private customer data on the internet
A manufacturer of consumer spyware marketed to parents and partners has published incredibly intimate user data on a server freely accessible over the Internet. Freely available for all to see and hear: photos of children, school report cards, call recordings. The companies responsible for the stalkerware are largely indifferent to what happens with the data.
A child, maybe six or seven, picks his nose with both fingers and makes silly faces for the camera. In the next picture he is eating a banana. Then we see a photo of a school report card, picture taken from a computer screen. It shows the child’s full name and the current grades in English and biology.
What looks like the digital photo album of a normal family has been freely available on the internet for more than a year – without the knowledge of the people concerned. A company that sells stalkerware – software for the secret surveillance of children and partners – has published these pictures and hundreds of intimate call recordings on the internet.
The photos not only show the child and his parents, their apartment, their bedroom, but also connect these to personal data such as names, e-mail addresses or medication prescriptions. The data has been on a server since April 2018 – without a password or other protection, freely available ot anyone with an internet connection.
For people „who are tired of being lied to“
Responsible for this privacy disaster is a company called Spyapp247. It sells an app that allows you to spy on what another person is doing on their phone. The Android app records phone calls, chat messages, browser history, photos, allows access to the address book and tracks location data – without the affected person noticing. According to the manufacturer, even the microphone can be switched on remotely: The telephone becomes a bug.
Spyapp247 markets the app on its website to people „who are tired of being lied to and cheated on,“ meaning: who want to spy on a partner. Civil rights organizations therefore call such apps stalkerware. But the company also advertises its apps as a tool for cautious parents to recognize „dangers to your children before they ever happen.“
Spyware manufacturer not reacting
It is hard to tell who installed the app in this case, and for what purpose, but it is likely that the data was obtained without the consent of the person targeted. In order to install the app, a person must have physical access to the device for at least a few minutes. Once the app is on the phone, it can collect all kinds of information in the background. The data is uploaded to a server and presented to the operator in a browser window.
👉🏼 Read more:
https://netzpolitik.org/2019/spyware-company-leaves-private-customer-data-on-the-internet/
#spyware #Spyapp247 #stalkerware #dataprotection #dataleak #userdata #surveillance #why
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
A manufacturer of consumer spyware marketed to parents and partners has published incredibly intimate user data on a server freely accessible over the Internet. Freely available for all to see and hear: photos of children, school report cards, call recordings. The companies responsible for the stalkerware are largely indifferent to what happens with the data.
A child, maybe six or seven, picks his nose with both fingers and makes silly faces for the camera. In the next picture he is eating a banana. Then we see a photo of a school report card, picture taken from a computer screen. It shows the child’s full name and the current grades in English and biology.
What looks like the digital photo album of a normal family has been freely available on the internet for more than a year – without the knowledge of the people concerned. A company that sells stalkerware – software for the secret surveillance of children and partners – has published these pictures and hundreds of intimate call recordings on the internet.
The photos not only show the child and his parents, their apartment, their bedroom, but also connect these to personal data such as names, e-mail addresses or medication prescriptions. The data has been on a server since April 2018 – without a password or other protection, freely available ot anyone with an internet connection.
For people „who are tired of being lied to“
Responsible for this privacy disaster is a company called Spyapp247. It sells an app that allows you to spy on what another person is doing on their phone. The Android app records phone calls, chat messages, browser history, photos, allows access to the address book and tracks location data – without the affected person noticing. According to the manufacturer, even the microphone can be switched on remotely: The telephone becomes a bug.
Spyapp247 markets the app on its website to people „who are tired of being lied to and cheated on,“ meaning: who want to spy on a partner. Civil rights organizations therefore call such apps stalkerware. But the company also advertises its apps as a tool for cautious parents to recognize „dangers to your children before they ever happen.“
Spyware manufacturer not reacting
It is hard to tell who installed the app in this case, and for what purpose, but it is likely that the data was obtained without the consent of the person targeted. In order to install the app, a person must have physical access to the device for at least a few minutes. Once the app is on the phone, it can collect all kinds of information in the background. The data is uploaded to a server and presented to the operator in a browser window.
👉🏼 Read more:
https://netzpolitik.org/2019/spyware-company-leaves-private-customer-data-on-the-internet/
#spyware #Spyapp247 #stalkerware #dataprotection #dataleak #userdata #surveillance #why
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
uninformed-consent_Yl7FPEh.pdf
845.7 KB
Data protectors consider most cookie banners illegal
Only very few cookie banners comply with the provisions of the DSGVO, as a study has shown. However, the data protection authorities are still reluctant to impose sanctions.
Studying GDPR Consent Notices in theField
👉🏼 🇬🇧 PDF:
https://www.syssec.ruhr-uni-bochum.de/media/emma/veroeffentlichungen/2019/09/05/uninformed-consent_Yl7FPEh.pdf
https://www.golem.de/news/manipulierte-zustimmung-die-meisten-cookie-banner-sind-illegal-1909-143773.html
#gdpr #study #cookie #pdf
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
Only very few cookie banners comply with the provisions of the DSGVO, as a study has shown. However, the data protection authorities are still reluctant to impose sanctions.
Studying GDPR Consent Notices in theField
👉🏼 🇬🇧 PDF:
https://www.syssec.ruhr-uni-bochum.de/media/emma/veroeffentlichungen/2019/09/05/uninformed-consent_Yl7FPEh.pdf
https://www.golem.de/news/manipulierte-zustimmung-die-meisten-cookie-banner-sind-illegal-1909-143773.html
#gdpr #study #cookie #pdf
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
This media is not supported in your browser
VIEW IN TELEGRAM
The remix story behind Hong Kong's new protest anthem
Hong Kong’s protestors want greater autonomy from mainland China, a grievance they’re expressing through a song some are calling their new “national anthem.”
👉🏼 Read more:
https://time.com/5672018/glory-to-hong-kong-protests-national-anthem/
📺 With english subs:
https://www.youtube.com/watch?v=y7yRDOLCy4Y
📺 Orchestral version:
https://www.youtube.com/watch?v=oUIDL4SB60g
#FreeHongKong #video #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
Hong Kong’s protestors want greater autonomy from mainland China, a grievance they’re expressing through a song some are calling their new “national anthem.”
👉🏼 Read more:
https://time.com/5672018/glory-to-hong-kong-protests-national-anthem/
📺 With english subs:
https://www.youtube.com/watch?v=y7yRDOLCy4Y
📺 Orchestral version:
https://www.youtube.com/watch?v=oUIDL4SB60g
#FreeHongKong #video #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
Media is too big
VIEW IN TELEGRAM
The creep in your pocket
Mobile spyware/stalkerware services offer common users to spy on mobile devices of people close to them, such as their children or spouses. This talk presents different types of these services and touches their social impact.
The talk focuses on #android and #iOS #spyware that do not require rooting or jailbreaking the victim's device. During the talk I will also show how Android spyware #apps misuse Android OS features to spy on
victims and hide themselves on their devices. Additionally, I will discuss the legal side of these services, as well as their social impact, such as domestic violence.
📺 https://media.ccc.de/v/2019-214-the-creep-in-your-pocket
#video #mrmcd19 #CCC
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
Mobile spyware/stalkerware services offer common users to spy on mobile devices of people close to them, such as their children or spouses. This talk presents different types of these services and touches their social impact.
The talk focuses on #android and #iOS #spyware that do not require rooting or jailbreaking the victim's device. During the talk I will also show how Android spyware #apps misuse Android OS features to spy on
victims and hide themselves on their devices. Additionally, I will discuss the legal side of these services, as well as their social impact, such as domestic violence.
📺 https://media.ccc.de/v/2019-214-the-creep-in-your-pocket
#video #mrmcd19 #CCC
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
Media is too big
VIEW IN TELEGRAM
Hæçk français - œuvres choisies de la Grande Nation - Let's dig in the archives of the French "datenschleuder" !
Once upon a time, back then in 1993 the #ChaosComputerClub France started their own "Datenschleuder" : the "Chaos Digest".
But here's the twist : the #CCCF was piloted by the #french #secretservice to protect the interests of big companies and of the #government.
So what was going on in the six months of existence of this online service ? Let's find out, and as we will see, even more than 25 years later, some things never change…
📺 https://media.ccc.de/v/2019-212-hk-franais-uvres-choisies-de-la-grande-nation
#video #mrmcd19 #CCC
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
Once upon a time, back then in 1993 the #ChaosComputerClub France started their own "Datenschleuder" : the "Chaos Digest".
But here's the twist : the #CCCF was piloted by the #french #secretservice to protect the interests of big companies and of the #government.
So what was going on in the six months of existence of this online service ? Let's find out, and as we will see, even more than 25 years later, some things never change…
📺 https://media.ccc.de/v/2019-212-hk-franais-uvres-choisies-de-la-grande-nation
#video #mrmcd19 #CCC
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
Julian Assange to stay in prison over absconding fears
Wikileaks co-founder Julian Assange is to remain in prison when his jail term ends because of his "history of absconding", a judge has ruled.
He was due to be released on 22 September after serving his sentence for breaching bail conditions.
But Westminster Magistrates' Court heard there were "substantial grounds" for believing he would abscond again.
The Australian, 48, is fighting extradition to the US over allegations of leaking government secrets.
He will face a full extradition hearing next year, starting on 25 February, after an extradition request was signed by the then home secretary Sajid Javid in June.
Assange received a 50-week sentence in Belmarsh Prison, south-east London, after being found guilty of breaching the Bail Act in April.
He was arrested at the Ecuadorian Embassy, where he took refuge in 2012 to avoid extradition to Sweden over sexual assault allegations - which he has denied.
District judge Vanessa Baraitser on Friday told Assange, who appeared by video-link: "You have been produced today because your sentence of imprisonment is about to come to an end.
"When that happens your remand status changes from a serving prisoner to a person facing extradition."
She said that his lawyer had declined to make an application for bail on his behalf, adding "perhaps not surprisingly in light of your history of absconding in these proceedings".
"In my view I have substantial ground for believing if I release you, you will abscond again."
He faces 18 charges in the US, including computer misuse and the unauthorised disclosure of national defence information.
He is accused of working with former US army intelligence analyst Chelsea Manning in "unlawfully obtaining and disclosing classified documents related to the national defence", according to the US Justice Department.
He spent seven years inside the Ecuadorian embassy in London before being handed over to British authorities by Ecuador in April.
In May, Swedish prosecutors reopened their investigation into an allegation of rape against Assange.
https://www.bbc.com/news/uk-49689167
#FreeAssange
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
Wikileaks co-founder Julian Assange is to remain in prison when his jail term ends because of his "history of absconding", a judge has ruled.
He was due to be released on 22 September after serving his sentence for breaching bail conditions.
But Westminster Magistrates' Court heard there were "substantial grounds" for believing he would abscond again.
The Australian, 48, is fighting extradition to the US over allegations of leaking government secrets.
He will face a full extradition hearing next year, starting on 25 February, after an extradition request was signed by the then home secretary Sajid Javid in June.
Assange received a 50-week sentence in Belmarsh Prison, south-east London, after being found guilty of breaching the Bail Act in April.
He was arrested at the Ecuadorian Embassy, where he took refuge in 2012 to avoid extradition to Sweden over sexual assault allegations - which he has denied.
District judge Vanessa Baraitser on Friday told Assange, who appeared by video-link: "You have been produced today because your sentence of imprisonment is about to come to an end.
"When that happens your remand status changes from a serving prisoner to a person facing extradition."
She said that his lawyer had declined to make an application for bail on his behalf, adding "perhaps not surprisingly in light of your history of absconding in these proceedings".
"In my view I have substantial ground for believing if I release you, you will abscond again."
He faces 18 charges in the US, including computer misuse and the unauthorised disclosure of national defence information.
He is accused of working with former US army intelligence analyst Chelsea Manning in "unlawfully obtaining and disclosing classified documents related to the national defence", according to the US Justice Department.
He spent seven years inside the Ecuadorian embassy in London before being handed over to British authorities by Ecuador in April.
In May, Swedish prosecutors reopened their investigation into an allegation of rape against Assange.
https://www.bbc.com/news/uk-49689167
#FreeAssange
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
Media is too big
VIEW IN TELEGRAM
Anti-Abuse Working Group Minutes RIPE 77
👉🏼 PDF:
Criminal Abuse in RIPE IP Space
https://ripe77.ripe.net/presentations/134-RIPE77_Anti_Abuse_WG.pdf
📺 https://ripe77.ripe.net/archives/video/2286/
#CriminalAbuse #RIPE77 #WorkingGroup #video
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
👉🏼 PDF:
Criminal Abuse in RIPE IP Space
https://ripe77.ripe.net/presentations/134-RIPE77_Anti_Abuse_WG.pdf
📺 https://ripe77.ripe.net/archives/video/2286/
#CriminalAbuse #RIPE77 #WorkingGroup #video
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
Media is too big
VIEW IN TELEGRAM
Privacy leaks in smart devices: Extracting data from used smart home devices
Remember the good old fun sport, where people bought random hard drives from ebay and did forensics on them?
Did you know you can do the same thing with used #IoT #devices too? Most end-users have no idea what kind of #information their devices are storing and how to securely clean their devices (if that even is possible). Lets explore together what the risks are and how we can extract that data.
📺 https://media.ccc.de/v/Camp2019-10355-privacy_leaks_in_smart_devices_extracting_data_from_used_smart_home_devices
#ChaosCommunicationCamp #CCCamp19 #CCC #network #security #video #podcast
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
Remember the good old fun sport, where people bought random hard drives from ebay and did forensics on them?
Did you know you can do the same thing with used #IoT #devices too? Most end-users have no idea what kind of #information their devices are storing and how to securely clean their devices (if that even is possible). Lets explore together what the risks are and how we can extract that data.
📺 https://media.ccc.de/v/Camp2019-10355-privacy_leaks_in_smart_devices_extracting_data_from_used_smart_home_devices
#ChaosCommunicationCamp #CCCamp19 #CCC #network #security #video #podcast
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
NPP 184 with Lawrence Lessig: on Joi Ito, the MIT Media Lab and…
Lawrence Lessig, Chris Köver, Alexander Fanta
NPP 184 with Lawrence Lessig: on Joi Ito, the MIT Media Lab and reputation laundering
The #MIT Media Lab took millions in donations from Jeffrey #Epstein and director Joi #Ito was trying to hide it. Was Ito doing the right thing? A conversation with Lawrence #Lessig on Epstein, Ito, MIT and the damage done by taking money from a donor who has caused such significant pain to so many.
📻 https://netzpolitik.org/2019/npp-184-with-lawrence-lessig-on-joi-ito-the-mit-media-lab-and-reputation-laundering/
#NPP #podcast
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
The #MIT Media Lab took millions in donations from Jeffrey #Epstein and director Joi #Ito was trying to hide it. Was Ito doing the right thing? A conversation with Lawrence #Lessig on Epstein, Ito, MIT and the damage done by taking money from a donor who has caused such significant pain to so many.
📻 https://netzpolitik.org/2019/npp-184-with-lawrence-lessig-on-joi-ito-the-mit-media-lab-and-reputation-laundering/
#NPP #podcast
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
Database leaks data on most of Ecuador's citizens, including 6.7 million children
Elasticsearch server leaks personal data on Ecuador's citizens, their family trees, and children, but also some users' financial records and car registration information.
The personal records of most of Ecuador's population, including children, has been left exposed online due to a misconfigured database, ZDNet has learned.
The database, an Elasticsearch searver, was discovered two weeks ago by vpnMentor security researchers Noam Rotem and Ran Locar, who shared their findings exclusively with ZDNet. Together, we worked to analyze the leaking data, verify its authenticity, and contact the server owner.
The leaky server is one of the, if not the biggest, data breaches in Ecuador's history, a small South American country with a population of 16.6 million citizens.
20.8 million user records
The Elasticsearch server contained a total of approximately 20.8 million user records, a number larger than the country's total population count. The bigger number comes from duplicate records or older entries, containing the data of deceased persons.
The data was spread across different Elasticsearch indexes. These indexes contained different information, supposedly obtained from different sources. They stored details such as names, information on family members/trees, civil registration data, financial and work information, but also data on car ownership.
Based on the names of these indexes, the entire database could be split in two main categories, based on the data's supposed origin. There's data that appears to have been gathered from a government sources, and data that appears to have been gathered from private databases.
The data from government sources
The most extensive data was the one that appears to have been gathered from the Ecuadorian government's civil registry.
This data contained entries holding citizens' full names, dates of birth, places of birth, home addresses, marital status, cedulas (national ID numbers), work/job information, phone numbers, and education levels.
ZDNet verified the authenticity of this data by contacting some users listed in the database. The database was up to date, containing information as recent as 2019.
We were able to find records for the country's president, and even Julian Assange, who once received political asylum from the small South Americam country, and was issued a natioanl ID number (cedula).
👉🏼 Read more:
https://www.zdnet.com/article/database-leaks-data-on-most-of-ecuadors-citizens-including-6-7-million-children/
👉🏼 Read on TG:
https://t.iss.one/BlackBox_EN/3100
#database #leak #ecuador
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
Elasticsearch server leaks personal data on Ecuador's citizens, their family trees, and children, but also some users' financial records and car registration information.
The personal records of most of Ecuador's population, including children, has been left exposed online due to a misconfigured database, ZDNet has learned.
The database, an Elasticsearch searver, was discovered two weeks ago by vpnMentor security researchers Noam Rotem and Ran Locar, who shared their findings exclusively with ZDNet. Together, we worked to analyze the leaking data, verify its authenticity, and contact the server owner.
The leaky server is one of the, if not the biggest, data breaches in Ecuador's history, a small South American country with a population of 16.6 million citizens.
20.8 million user records
The Elasticsearch server contained a total of approximately 20.8 million user records, a number larger than the country's total population count. The bigger number comes from duplicate records or older entries, containing the data of deceased persons.
The data was spread across different Elasticsearch indexes. These indexes contained different information, supposedly obtained from different sources. They stored details such as names, information on family members/trees, civil registration data, financial and work information, but also data on car ownership.
Based on the names of these indexes, the entire database could be split in two main categories, based on the data's supposed origin. There's data that appears to have been gathered from a government sources, and data that appears to have been gathered from private databases.
The data from government sources
The most extensive data was the one that appears to have been gathered from the Ecuadorian government's civil registry.
This data contained entries holding citizens' full names, dates of birth, places of birth, home addresses, marital status, cedulas (national ID numbers), work/job information, phone numbers, and education levels.
ZDNet verified the authenticity of this data by contacting some users listed in the database. The database was up to date, containing information as recent as 2019.
We were able to find records for the country's president, and even Julian Assange, who once received political asylum from the small South Americam country, and was issued a natioanl ID number (cedula).
👉🏼 Read more:
https://www.zdnet.com/article/database-leaks-data-on-most-of-ecuadors-citizens-including-6-7-million-children/
👉🏼 Read on TG:
https://t.iss.one/BlackBox_EN/3100
#database #leak #ecuador
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
Computer scientist Richard Stallman, who defended Jeffrey Epstein, resigns from MIT CSAIL and the Free Software Foundation
Computer scientist and open software advocate Richard Stallman said he has resigned from his position as a visiting scientist at MIT’s Computer Science and Artificial Intelligence Lab (CSAIL) after describing a victim of sex trafficker Jeffrey Epstein as “entirely willing” in emails sent to a department list. Stallman has also stepped down from his roles as president and board director at the Free Software Foundation, the nonprofit he founded in 1985.
Last week, the Daily Beast reported that Stallman had also called for the legalization of child pornography and abolishment of age of consent laws on his personal blog in multiple posts published over the course of 15 years. https://www.thedailybeast.com/famed-mit-computer-scientist-richard-stallman-defends-epstein-victims-were-entirely-willing
In his MIT CSAIL resignation, also posted to his personal blog, Stallman wrote: “To the MIT Community, I am resigning effective immediately from my position in CSAIL at MIT. I am doing this due to pressure on MIT and me over a series of misunderstandings.”
MIT has been under scrutiny for its ties to Epstein, who a New Yorker investigation found had secured $7.5 million in donations for the MIT Media Lab, far more than what was previously disclosed. As a result, its director, Joi Ito, resigned last week and MIT ordered an investigation into the Media Lab’s ties to Epstein, who was found dead in his jail cell last month while awaiting federal trial on sex trafficking charges.
As part of its preliminary findings, MIT president Rafael Reif admitted that the law firm conducting the investigation had uncovered a letter he wrote to thank Epstein for a donation in 2012, four years after Epstein had already pled guilty to procuring for prostitution a girl under 18. “I apparently signed this letter on August 16, 2012, about six weeks into my presidency,” Reif wrote. “Although I do not recall it, it does bear my signature.” https://www.thedailybeast.com/mit-president-l-rafael-reif-admits-he-knew-about-jeffrey-epsteins-donations
👉🏼 Read more:
https://techcrunch.com/2019/09/16/computer-scientist-richard-stallman-who-defended-jeffrey-epstein-resigns-from-mit-csail-and-the-free-software-foundation/
#stallman #epstein #ChildPornography #pedo #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
Computer scientist and open software advocate Richard Stallman said he has resigned from his position as a visiting scientist at MIT’s Computer Science and Artificial Intelligence Lab (CSAIL) after describing a victim of sex trafficker Jeffrey Epstein as “entirely willing” in emails sent to a department list. Stallman has also stepped down from his roles as president and board director at the Free Software Foundation, the nonprofit he founded in 1985.
Last week, the Daily Beast reported that Stallman had also called for the legalization of child pornography and abolishment of age of consent laws on his personal blog in multiple posts published over the course of 15 years. https://www.thedailybeast.com/famed-mit-computer-scientist-richard-stallman-defends-epstein-victims-were-entirely-willing
In his MIT CSAIL resignation, also posted to his personal blog, Stallman wrote: “To the MIT Community, I am resigning effective immediately from my position in CSAIL at MIT. I am doing this due to pressure on MIT and me over a series of misunderstandings.”
MIT has been under scrutiny for its ties to Epstein, who a New Yorker investigation found had secured $7.5 million in donations for the MIT Media Lab, far more than what was previously disclosed. As a result, its director, Joi Ito, resigned last week and MIT ordered an investigation into the Media Lab’s ties to Epstein, who was found dead in his jail cell last month while awaiting federal trial on sex trafficking charges.
As part of its preliminary findings, MIT president Rafael Reif admitted that the law firm conducting the investigation had uncovered a letter he wrote to thank Epstein for a donation in 2012, four years after Epstein had already pled guilty to procuring for prostitution a girl under 18. “I apparently signed this letter on August 16, 2012, about six weeks into my presidency,” Reif wrote. “Although I do not recall it, it does bear my signature.” https://www.thedailybeast.com/mit-president-l-rafael-reif-admits-he-knew-about-jeffrey-epsteins-donations
👉🏼 Read more:
https://techcrunch.com/2019/09/16/computer-scientist-richard-stallman-who-defended-jeffrey-epstein-resigns-from-mit-csail-and-the-free-software-foundation/
#stallman #epstein #ChildPornography #pedo #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
🇪🇸 El gobierno de EE.UU quiere leer los correos de los jefes de Facebook, Apple y más.
Las investigaciones antimonopolio que se están sucediendo a las principales empresas tecnológicas podría dar un paso más allá. El gobierno de Estados Unidos pide leer los correos de los principales CEOs tecnológicos. Entre ellos se encuentran Mark Zuckerberg, CEO de Facebook o Tim Cook, CEO de Apple.
Uno de los más altos cargos del ejecutivo de Estados Unidos solicita poder revisar estos correos en el marco de una importante investigación antimonopolio que está llevando a cabo el país.
Como ya pudimos comprobar, estos correos pueden contener información sensible tanto de la persona en cuestión como de la empresa que lleva. De revelarse estos correos podríamos asistir a una importante sacudida en el sector tecnológico al revelarse sus principales acciones.
✳️ El gobierno de los EE.UU quiere acceder a correos de Facebook, Amazon o Apple
Tal y como aseguran desde TechRadar y Reuters esta solicitud proviene de un plan de la Cámara de Representantes estadounidense para buscar todavía más información sobre cómo las empresas tecnológicas principales llevan a cabo sus operaciones comerciales.
Estos legisladores buscan, entre otros, correos que hablen de adquisiciones de alto nivel como la adquisición de YouTube de YouTube y Android o la compra de WhatsApp e Instagram por parte de Facebook.
Reuters, de hecho, asegura que que se ha solicitado nformación sobre participación de mercado, competidores, sus mayores clientes para productos específicos y documentos de otras investigaciones.
Por ejemplo, se le ha pedido a Facebook más información sobre su decisión de fusionar Messenger, WhatsApp e Instagram en un único servicio y a Apple se le ha pedido que envíe detalles sobre su política con respecto a si los usuarios de iPhone pueden configurar las aplicaciones que no son de Apple como predeterminadas.
Las declaraciones de los legisladores conservadores, principales impulsores de estas medidas, son tajantes. Jerrold Nadler, presidente del Comité Judicial de la Cámara de Representantes, ha asegurado que "cada vez hay más pruebas de que un puñado de corporaciones han llegado a capturar una parte descomunal del comercio y las comunicaciones online".
Por su parte, Doug Collins Collins, Representante Republicano, asegura lo siguiente: "Esta información es clave para ayudar a determinar si se está produciendo un comportamiento anticompetitivo, si nuestras agencias de aplicación de la ley antimonopolio deberían investigar problemas específicos y si nuestras leyes antimonopolio necesitan o no mejoras para promover mejor la competencia en los mercados digitales".
https://www.elespanol.com/omicrono/20190916/gobierno-eeuu-quiere-correos-jefes-facebook-apple/429707403_0.html
#apple #facebook #eeuu #correos
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
Las investigaciones antimonopolio que se están sucediendo a las principales empresas tecnológicas podría dar un paso más allá. El gobierno de Estados Unidos pide leer los correos de los principales CEOs tecnológicos. Entre ellos se encuentran Mark Zuckerberg, CEO de Facebook o Tim Cook, CEO de Apple.
Uno de los más altos cargos del ejecutivo de Estados Unidos solicita poder revisar estos correos en el marco de una importante investigación antimonopolio que está llevando a cabo el país.
Como ya pudimos comprobar, estos correos pueden contener información sensible tanto de la persona en cuestión como de la empresa que lleva. De revelarse estos correos podríamos asistir a una importante sacudida en el sector tecnológico al revelarse sus principales acciones.
✳️ El gobierno de los EE.UU quiere acceder a correos de Facebook, Amazon o Apple
Tal y como aseguran desde TechRadar y Reuters esta solicitud proviene de un plan de la Cámara de Representantes estadounidense para buscar todavía más información sobre cómo las empresas tecnológicas principales llevan a cabo sus operaciones comerciales.
Estos legisladores buscan, entre otros, correos que hablen de adquisiciones de alto nivel como la adquisición de YouTube de YouTube y Android o la compra de WhatsApp e Instagram por parte de Facebook.
Reuters, de hecho, asegura que que se ha solicitado nformación sobre participación de mercado, competidores, sus mayores clientes para productos específicos y documentos de otras investigaciones.
Por ejemplo, se le ha pedido a Facebook más información sobre su decisión de fusionar Messenger, WhatsApp e Instagram en un único servicio y a Apple se le ha pedido que envíe detalles sobre su política con respecto a si los usuarios de iPhone pueden configurar las aplicaciones que no son de Apple como predeterminadas.
Las declaraciones de los legisladores conservadores, principales impulsores de estas medidas, son tajantes. Jerrold Nadler, presidente del Comité Judicial de la Cámara de Representantes, ha asegurado que "cada vez hay más pruebas de que un puñado de corporaciones han llegado a capturar una parte descomunal del comercio y las comunicaciones online".
Por su parte, Doug Collins Collins, Representante Republicano, asegura lo siguiente: "Esta información es clave para ayudar a determinar si se está produciendo un comportamiento anticompetitivo, si nuestras agencias de aplicación de la ley antimonopolio deberían investigar problemas específicos y si nuestras leyes antimonopolio necesitan o no mejoras para promover mejor la competencia en los mercados digitales".
https://www.elespanol.com/omicrono/20190916/gobierno-eeuu-quiere-correos-jefes-facebook-apple/429707403_0.html
#apple #facebook #eeuu #correos
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
El Español
El gobierno de EE.UU quiere leer los correos de los jefes de Facebook, Apple y más
El gobierno de los EE.UU solicita correos con información. El CEO de Facebook es uno de los 'afectados'. El co-fundador de Facebook pidió dividir la empresa.
U.S Sues Edward Snowden and You'd be Surprised to Know Why
The United States today filed a lawsuit against Edward Snowden, a former employee of the CIA and NSA government agencies who made headlines worldwide in 2013 after he fled the country and leaked top-secret information about NSA’s global and domestic surveillance activities.
And, you would be more surprised to know the reason for this lawsuit.
No, it’s not for leaking secrets; instead, for publishing a book without submitting it to the agencies for pre-publication review.
In his latest book, titled "Permanent Record" and released today on September 17th, Edward Snowden for the first time revealed the story of his life, including how he helped to build that surveillance system and what motivated him to try to bring it down.
According to a press release U.S. Department of Justice just published, with the publication of his book Snowden has violated non-disclosure agreements he signed with both CIA and NSA agencies.
The lawsuit alleges that Snowden published Permanent Record without first submitting the book to the agencies for pre-publication review and also gave public speeches on intelligence-related matters, violating the agreements he signed with the agencies.
The United States government is not looking to stop or restrict the publication or distribution of Permanent Record, but instead, is seeking to recover all proceeds earned by Snowden.
"Under well-established Supreme Court precedent, Snepp v. the United States, the government seeks to recover all proceeds earned by Snowden because of his failure to submit his publication for pre-publication review in violation of his alleged contractual and fiduciary obligations," the press release reads.
Besides Snowden, the US government is also suing the publisher solely to ensure that no funds are transferred to Snowden, or any account at his direction, while the court resolves the United States' claims.
"The United States' ability to protect sensitive national security information depends on employees' and contractors' compliance with their non-disclosure agreements, including their pre-publication review obligations," said Assistant Attorney General Jody Hunt of the Department of Justice's Civil Division.
👉🏼 Read more:
https://thehackernews.com/2019/09/edward-snowden-lawsuit.html
#EdwardSnowden #CIA #NSA #lawsuit
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
The United States today filed a lawsuit against Edward Snowden, a former employee of the CIA and NSA government agencies who made headlines worldwide in 2013 after he fled the country and leaked top-secret information about NSA’s global and domestic surveillance activities.
And, you would be more surprised to know the reason for this lawsuit.
No, it’s not for leaking secrets; instead, for publishing a book without submitting it to the agencies for pre-publication review.
In his latest book, titled "Permanent Record" and released today on September 17th, Edward Snowden for the first time revealed the story of his life, including how he helped to build that surveillance system and what motivated him to try to bring it down.
According to a press release U.S. Department of Justice just published, with the publication of his book Snowden has violated non-disclosure agreements he signed with both CIA and NSA agencies.
The lawsuit alleges that Snowden published Permanent Record without first submitting the book to the agencies for pre-publication review and also gave public speeches on intelligence-related matters, violating the agreements he signed with the agencies.
The United States government is not looking to stop or restrict the publication or distribution of Permanent Record, but instead, is seeking to recover all proceeds earned by Snowden.
"Under well-established Supreme Court precedent, Snepp v. the United States, the government seeks to recover all proceeds earned by Snowden because of his failure to submit his publication for pre-publication review in violation of his alleged contractual and fiduciary obligations," the press release reads.
Besides Snowden, the US government is also suing the publisher solely to ensure that no funds are transferred to Snowden, or any account at his direction, while the court resolves the United States' claims.
"The United States' ability to protect sensitive national security information depends on employees' and contractors' compliance with their non-disclosure agreements, including their pre-publication review obligations," said Assistant Attorney General Jody Hunt of the Department of Justice's Civil Division.
👉🏼 Read more:
https://thehackernews.com/2019/09/edward-snowden-lawsuit.html
#EdwardSnowden #CIA #NSA #lawsuit
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN