BlackBox (Security) Archiv
NordVPN has been hacked
The VPN provider NordVPN apparently had an incident some time ago in which an attacker had access to the servers and private keys. Three private keys appeared on the network, one of which belonged to an expired HTTPS certificate. …
Apparently other VPN providers were also compromised:
It’s also believed several other VPN providers may have been breached around the same time. Similar records posted online — and seen by TechCrunch — suggest that TorGuard and VikingVPN may have also been compromised, but spokespeople did not return a request for comment.
https://mobile.twitter.com/hexdefined/status/1186106695073726466
https://techcrunch.com/2019/10/21/nordvpn-confirms-it-was-hacked/
👉🏼 NordVPN has been hacked:
https://t.iss.one/BlackBox_Archiv/677
#leak #NordVPN #TorGuard #VikingVPN #hack #hacker #hacked
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
Avast, NordVPN Breaches Tied to Phantom User Accounts
Antivirus and security giant Avast and virtual private networking (VPN) software provider NordVPN each today disclosed months-long network intrusions that — while otherwise unrelated — shared a common cause: Forgotten or unknown user accounts that granted remote access to internal systems with little more than a password.
Based in the Czech Republic, Avast bills itself as the most popular antivirus vendor on the market, with over 435 million users. In a blog post today, Avast said it detected and addressed a breach lasting between May and October 2019 that appeared to target users of its CCleaner application, a popular Microsoft Windows cleanup and repair utility. https://blog.avast.com/ccleaner-fights-off-cyberespionage-attempt-abiss
Avast said it took CCleaner downloads offline in September to check the integrity of the code and ensure it hadn’t been injected with malware. The company also said it invalidated the certificates used to sign previous versions of the software and pushed out a re-signed clean update of the product via automatic update on October 15. It then disabled and reset all internal user credentials.
“Having taken all these precautions, we are confident to say that our CCleaner users are protected and unaffected,” Avast’s Jaya Baloo wrote.
This is not the first so-called “supply chain” attack on Avast: In September 2018, researchers at Cisco Talos and Morphisec disclosed that hackers had compromised the computer cleanup tool for more than a month, leading to some 2.27 million downloads of the corrupt CCleaner version.
Avast said the intrusion began when attackers used stolen credentials for a VPN service that was configured to connect to its internal network, and that the attackers were not challenged with any sort of multi-factor authentication — such as a one-time code generated by a mobile app.
“We found that the internal network was successfully accessed with compromised credentials through a temporary VPN profile that had erroneously been kept enabled and did not require 2FA,” Baloo wrote.
👉🏼 Read more:
https://krebsonsecurity.com/2019/10/avast-nordvpn-breaches-tied-to-phantom-user-accounts/#more-49296
#leak #breach #NordVPN #Avast #CCleaner #TorGuard #VikingVPN #hack #hacker #hacked
Episode 365 - Lies, Damned Lies, and Government Nutrition Advice
The Corbett Report
Lies, Damned Lies, and Government Nutrition Advice
#Nutrition #science is almost always a hot, steaming pile of contradictory nonsense. How much worse, then, that our eating habits and dietary #guidelines are shaped by the #government (and its corporate string-pullers)? Join James for this extra tasty, sugar-free, all organic, non-GMO edition of The #CorbettReport.
📻 Episode 365 - #corbettreport #podcast
https://www.corbettreport.com/nutrition/
30+ civil rights organizations call on elected officials to stop Amazon’s doorbell surveillance partnerships with police
Today, 30+ civil rights organizations signed an open letter sounding the alarm about Amazon’s spreading Ring doorbell partnerships with police. The letter calls on local, state, and federal officials to use their power to investigate Amazon Ring’s business practices, put an end to Amazon-police partnerships, and pass oversight measures to deter such partnerships in the future.
With no oversight and accountability, these partnerships pose a threat to privacy, civil liberties, and democracy. A few of the concerns highlighted by the organizations:
❓ In the absence of clear civil liberties and rights-protective policies to govern the technologies and the use of surveillance footage, once collected, stored footage can be used by law enforcement to conduct facial recognition searches, target protesters exercising their First Amendment rights, teenagers for minor drug possession, or shared with other agencies like ICE or the FBI.
❓ Ring technology gives Amazon employees and contractors in the US and Ukraine direct access to customers’ live camera feeds, a literal eye inside their homes and areas surrounding their homes. These live feeds provide surveillance on millions of American families––from a baby in their crib to someone walking their dog to a neighbor playing with young children in their yard––and other bystanders that don’t know they are being filmed and haven’t given their consent.
❓ Amazon has not been transparent about plans to integrate facial recognition into Ring cameras. The Information reported Ring’s Ukraine-based research team accessed customer’s surveillance footage to train image recognition software. As facial recognition software has been shown to disproportionately misidentify people of color, women and transgender people, it further compounds existing civil liberties concerns and expands suspected criminality centered in racial profiling and gender bias.
👉🏼 Read more:
https://www.fightforthefuture.org/news/2019-10-08-new-30-civil-rights-organizations-call-on/
#amazon #DeleteAmazon #ring #surveillance #partnership #police #why #thinkabout
Ransomware Hits B2B Payments Firm Billtrust
Business-to-business payments provider Billtrust is still recovering from a ransomware attack that began last week. The company said it is in the final stages of bringing all of its systems back online from backups.
With more than 550 employees, Lawrence Township, N.J.-based Billtrust is a cloud-based service that lets customers view invoices, pay, or request bills via email or fax. In an email sent to customers today, Billtrust said it was consulting with law enforcement officials and with an outside security firm to determine the extent of the breach.
“Our standard security and back-up procedures have been and remain instrumental in our ability to execute the ongoing restoration of services,” the email reads. “Out of an abundance of caution, we cannot disclose the precise ransomware strains but will do so as soon as prudently possible.”
In an interview with KrebsOnSecurity on Monday evening, Billtrust CEO Steven Pinado said the company became aware of a malware intrusion on Thursday, Oct. 17.
“We’re aware of the malware and have been able to stop the activity within our systems,” Pinado said. “We immediately started focusing on control, remediation and protection. The impact of that was several systems were no longer available to our customers. We’ve been fighting the fight, working on restoring services and also digging into the root cause.”
A report from BleepingComputer cites an unnamed source saying the ransomware strain that hit Billtrust was the BitPaymer ransomware, but that information could not be confirmed.
One of Billtrust’s customers has published a day-by-day chronology of the attack and communications from the company here (h/t @gossithedog).
Pinado said Billtrust had restored most of its systems, and that it was in the process now of putting additional security measures in place. He declined to discuss anything related to the ransomware attack, such as whether the company paid a ransom demand in exchange for a key to unlock files scrambled by the malware, although he allowed Billtrust does have cybersecurity insurance for just such occasions.
👉🏼 Read more:
https://krebsonsecurity.com/2019/10/ransomware-hits-b2b-payments-firm-billtrust/
#ransomware #B2B #billtrust
How Autocracy Comes to America: Big Tech and National Security
Today I’m going to write about a very dangerous theme floating around in military and big tech circles, which is that big American tech monopolies are good for national security and should be weaponized and controlled explicitly by the American national security apparatus.
The relationship between corporate power and global geopolitics frames the historical debate over antitrust, as I discuss in Goliath: The Hundred Year War Between Monopoly Power and Democracy. (Buy it. Yeah, I’m not going to be subtle.) The argument has been with us since before World War One, and is with us today. Last week, for instance, Mark Zuckerberg gave a speech on free expression, and yesterday he testified to the House Financial Services Committee on the need for Libra. Both times he implied that Facebook was essential to protect us from China.
What is interesting is how certain parts of the national security world may not be so averse to how Zuckerberg thinks, even if they don’t trust him specifically.
And so it is back to that debate we must go.
Incidentally, I was on CNBC yesterday to talk about Zuckerberg, and explain why I think Libra isn’t going to happen and is a “crazy idea.”
National Security Is the Last Resort of Monopoly Scoundrels
In his speech last week and in his testimony yesterday, Mark Zuckerberg put a choice to policymakers. Pick between Facebook’s domination, or China’s. “While we debate these issues,” he said, “the rest of the world isn’t waiting.” He explained this was particularly the case with his new currency Libra. “China is moving quickly” on its digital currency, and while Libra could “extend America’s financial leadership as well as our democratic values and oversight around the world,” that would only be the case if regulators allowed such innovation. The threat of Chinese dominance was implied.
👉🏼 Read more:
https://mattstoller.substack.com/p/how-autocracy-comes-to-america-big
#BigTech #USA #military #weaponized #Zuckerberg #security #China #threat #thinkabout
Interview with the developer of the Aurora App Store
The Aurora App Store is a good example of how you can do without Google. The basic idea of Open Source played an important role in the development of this Android App. Programmers all over the world should have the opportunity to profit from this open source project or to actively participate in it.
When it comes to the topic „FOSS“ (Free Open Source Software), or Open Source in general, many people still have misunderstandings. Aurora is not any different. But we hope that developer Rahul Patel can explain this to us in this interview.
Aurora OSS: What does „OSS“ mean and why Open Source?
Tarnkappe.info: Why are only Open Source applications allowed? Is it primarily about security? Or rather by principle?
Rahul Patel: That’s an interesting question. Aurora OSS (Open Source Software) is, as the name suggests, a small collection of „FOSS“ or Open Source Apps. Why only Open Source? Well, it’s because we wanted to be very transparent about what we were doing right from the start. Everyone should be able to check the code for themselves. What is also important to us is that everyone should have the opportunity to start their own open source project. Or even better, to participate actively in the development and thereby improve the quality of the software.
Tarnkappe.info: And to detect and remove possible bugs. What does that mean explicitly referring to the Aurora-Store or Aurora Droid?
Rahul Patel: Well, the Aurora App Store is an alternative (open source) client for the Google Play Store. Therefore, like Google’s Play Store, it includes all types of apps, proprietary and non-proprietary. (Explanation: Proprietary means that only the owner has access to the source code of the program.)
The Aurora Droid is an alternative (open source) client for F-Droid, so it only supports FOSS apps, which is the main principle of F-Droid.
Internal, malware in apps
Tarnkappe.info: How many people work on Aurora, what do they do in detail?
Rahul Patel: Well, as a developer, I’m the only one who actually writes the code. But there are several designers who help me with the design of the app interfaces. Not to mention the many supporters who help me with domains, servers and dummy accounts.
👉🏼 Read more:
https://tarnkappe.info/interview-with-the-developer-of-the-aurora-app-store/
#Aurora #app #store #AppStore #Interview
TLDR Digital Safety Checklist
🤔 Who this guide is for
💡 You use the internet on a day-to-day basis – for work, social media, financial transactions, etc.
💡 You feel you could be doing more to ensure your digital safety and privacy, but you're also not in immediate danger. (If you are, seek out an expert for a 1:1 consult.)
💡 You're comfortable with technology. For example, you're comfortable going into the settings section of your computer/smartphone.
👀 How this guide works
💡 Recommendations have been sorted in ascending levels of difficulty. Start from level one and work your way up!
💡 I recommend doing everything in levels one, two and three. I did, and I'm only a mildly technically-competent person.
💡 Then scan the scenarios to see if any of them apply to you. (They assume that you've done everything in levels 1-3.)
💡 This guide is a living document – please feel free to submit a pull request or fork your own version of this guide on GitHub.
🕒 Last updated: 23 October 2019
👉🏼 Read more:
https://hongkonggong.github.io/tldr-digital-security/
👉🏼 GitHub:
https://github.com/hongkonggong/tldr-digital-security
#digital #safety #checklist #guide
GitHub - narwhalacademy/zebra-crossing: Zebra Crossing: an easy-to-use digital safety checklist
New method makes people invisible for face recognition
Researchers from Facebook's AI research team and Tel-Aviv University have developed a new method to fool facial recognition on videos.
📺 https://www.youtube.com/watch?v=cCYnBtni7Wg
💡 New method tricks facial recognition on videos:
https://t3n.de/news/neue-methode-trickst-videos-1213004/
#facial #recognition #facebook #video #DeIdentification
GANimal Demo of Few-Shot Unsupervised Image-to-Image Translation
You've always wondered what your pet's smile would look like on another animal? This AI will show it to you.
👉🏼 Demo:
https://nvidia-research-mingyuliu.com/ganimal
https://arxiv.org/abs/1905.01723
#GANimal #demo #image #translation
Australia wants to use face-matching to verify people downloading porn
Proving that you're old enough for online porn could get a lot more awkward.
The UK might have ditched plans for an age filter on online porn, but Australia is going all-in with a new proposal that could require internet users to verify their identity in a face-matching database before viewing pornography.
The proposal comes as Australian lawmakers consider new restrictions around age verification for online porn and gambling as part of a bipartisan parliamentary inquiry.
In a submission to the inquiry, first reported by ZDNet, Australia's Department of Home Affairs proposed using its Face Verification Service to verify internet users wanting to look at porn.
"Home Affairs is developing a Face Verification Service which matches a person's photo against images used on one of their evidence of identity documents to help verify their identity," DHA wrote in a submission to the inquiry. "This could assist in age verification, for example by preventing a minor from using their parent's driver licence to circumvent age verification controls."
The first phase of the Face Verification Service launched in 2016 with a database that included citizenship images, accessible by government agencies including the Australian Federal Police. However, the Government has proposed expanding the Service to include drivers' license photos to capture a larger part of the population.
👉🏼 Read more:
https://www.cnet.com/news/australia-face-verification-service-proposed-for-online-porn-age-filter/
#Australia #facial #verification #online #age #filter #porn
Facebook Sues Israeli NSO Spyware Firm For Hacking WhatsApp Users
Finally, for the very first time, an encrypted messaging service provider is taking legal action against a private entity that has carried out malicious attacks against its users.
Facebook filed a lawsuit against Israeli mobile surveillance firm NSO Group on Tuesday, alleging that the company was actively involved in hacking users of its end-to-end encrypted WhatsApp messaging service.
Earlier this year, it was discovered that WhatsApp had a critical vulnerability that attackers were found exploiting in the wild to remotely install Pegasus spyware on targeted Android and iOS devices.
The flaw (CVE-2019-3568) successfully allowed attackers to silently install the spyware app on targeted phones by merely placing a WhatsApp video call with specially crafted requests, even when the call was not answered.
Developed by NSO Group, Pegasus allows remote access to an incredible amount of data from victims' smartphones, including their text messages, emails, WhatsApp chats, contact details, call records, location, microphone, and camera.
Pegasus is NSO's signature product that has previously been used against several human rights activists and journalists, from Mexico to the United Arab Emirates two years ago, and Amnesty International staffers in Saudi Arabia and another Saudi human rights defender based abroad earlier last year.
Though NSO Group always claims it legally sells its spyware only to governments with no direct involvement, WhatsApp head Will Cathcart says the company has evidence of NSO Group's direct involvement in the recent attacks against WhatsApp users.
👉🏼 Read more:
https://thehackernews.com/2019/10/whatsapp-nso-group-malware.html
👉🏼 PDF:
https://www.scribd.com/document/432594561/WhatsApp-Sues-NSO-Group-for-WhatsApp-Hack
#Facebook #Israel #NSO #Spyware #Pegasus #WhatsApp #Malware #pdf
Startpage sold to System1 👀
💡 https://www.startpage.com/blog/company-updates/startpage-and-privacy-one-group/
💡 https://www.kuketz-blog.de/ist-die-suchmaschine-startpage-noch-empfehlenswert/
📺 https://www.youtube.com/watch?v=aAwtQvt1P_c
#startpage #system1
Facebook agrees to pay Cambridge Analytica fine to UK
Facebook has agreed to pay a £500,000 fine imposed by the UK's data protection watchdog for its role in the Cambridge Analytica scandal.
It had originally appealed the penalty, causing the Information Commissioner's Office to pursue its own counter-appeal.
As part of the agreement, Facebook has made no admission of liability.
The US firm said it "wished it had done more to investigate Cambridge Analytica" earlier.
James Dipple-Johnstone, deputy commissioner of the ICO, said: "The ICO's main concern was that UK citizen data was exposed to a serious risk of harm. Protection of personal information and personal privacy is of fundamental importance, not only for the rights of individuals, but also as we now know, for the preservation of a strong democracy."
Harry Kinmonth, a Facebook lawyer, noted that the social network had made changes to restrict the information app developers could access following the scandal.
"The ICO has stated that it has not discovered evidence that the data of Facebook users in the EU was transferred to Cambridge Analytica," he added.
"However, we look forward to continuing to cooperate with the ICO's wider and ongoing investigation into the use of data analytics for political purposes."
Researcher Dr Aleksandr Kogan and his company GSR used a personality quiz to harvest the Facebook data of up to 87 million people.
Some of this data was shared with London-based Cambridge Analytica.
The ICO argued that Facebook did not do enough to protect users' information.
https://www.bbc.com/news/technology-50234141
#UK #facebook #DeleteFacebook #ICO #fine #dataprotection #CambridgeAnalytica
Elon Musk’s Quest to Control Computers With Our Thoughts
Elon Musk’s Quest to Control Computers With Our Minds
Over the summer, #ElonMusk unveiled the details of his secretive startup #Neuralink. Its goal, he said, is to place electrodes in our brains so we can control a computer with our thoughts. Its experiments have so far been limited to rodents and monkeys, but Neuralink builds on strides already made in medicine, where doctors have successfully placed #implants into human brains to treat a variety of illnesses. This week on #Decrypted, Bloomberg Technology’s Sarah McBride visits the primate lab that’s been carrying out Neuralink’s #research, and meets the doctors and the patients at the forefront of this emerging field.
📻 https://www.bloomberg.com/news/audio/2019-10-29/elon-musk-s-quest-to-control-computers-with-our-minds-podcast
#podcast #bloomberg
Usability Lab Overview and how to receive design help for your project
In this talk I will highlight our experience with the Usability Lab program from Open Tech Fund and how FOSS projects can apply and receive design help from this Lab.
This program offers help with Usability Audits, Usability and User Experience (UX) Consultations, Usability Testing, User Research and User Studies, UX Design and Style Guides.
Two successful examples that will be unfolded are our work on the Briar Project and Thunderbird, the difficulties we encountered and how we managed to overcome them.
📺 https://www.youtube.com/watch?v=IZfmRL_wLOM
#ACEU19 #Lushka #LabOverwiew #FOSS
Exclusive: Government officials around the globe targeted for hacking through WhatsApp
WASHINGTON (Reuters) - Senior government officials in multiple U.S.-allied countries were targeted earlier this year with hacking software that used Facebook Inc's (FB.O) WhatsApp to take over users' phones, according to people familiar with the messaging company's investigation.
Sources familiar with WhatsApp’s internal investigation into the breach said a “significant” portion of the known victims are high-profile government and military officials spread across at least 20 countries on five continents. Many of the nations are U.S. allies, they said.
The hacking of a wider group of top government officials' smartphones than previously reported suggests the WhatsApp cyber intrusion could have broad political and diplomatic consequences.
WhatsApp filed a lawsuit on Tuesday against Israeli hacking tool developer NSO Group. The Facebook-owned software giant alleges that NSO Group built and sold a hacking platform that exploited a flaw in WhatsApp-owned servers to help clients hack into the cellphones of at least 1,400 users between April 29, 2019, and May 10, 2019.
The total number of WhatsApp users hacked could be even higher. A London-based human rights lawyer, who was among the targets, sent Reuters photographs showing attempts to break into his phone dating back to April 1.
While it is not clear who used the software to hack officials' phones, NSO has said it sells its spyware exclusively to government customers.
👉🏼 Read more:
https://uk.mobile.reuters.com/article/amp/idUKKBN1XA27N
#WhatsApp #Hack #government #military
Emails about Russia’s 2018 World Cup bid appear to be for sale online
Anonymous Telegram account indicates emails for sale after reports emerge of dossier on how to bribe Fifa officials
An anonymously run Telegram account has indicated that it wants to sell a tranche of emails relating to Russia’s 2018 World Cup bid, after reports that they contain a dossier compiled by Russian officials on how to bribe Fifa executive council members.
The existence of the emails was first reported by the investigative website the Insider. According to the Insider, an aide to the former footballer Franz Beckenbauer promised to deliver his vote in exchange for “generous compensation for his consulting services”, later specified as at least €3m.
A Cypriot Fifa executive’s vote could be bought for €1.5m, and the former Fifa vice-president Jack Warner would vote for “whoever offers him the most”, the Insider report says.
The dossier also reportedly contains extensive background information about the council members, and even includes psychological profiles. It reportedly said the British football executive Geoff Thompson could be swayed through “diplomatic channels [and] expensive gifts to his wife, who has a strong influence on him”.
There is no suggestion that the Russian officials acted on the dossier, nor of any wrongdoing by those named. Thompson, who was at the time the head of England’s rival World Cup bid, has denied his wife was offered any gifts.
Warner has been banned for life by Fifa’s ethics committee, and Sepp Blatter and the former France captain Michel Platini, who are both profiled in the dossier, each received an eight-year ban from football in 2011.
The emails purportedly come from the account of Sergei Kapkov, a Russian politician and former head of the country’s national football academy, and are in the possession of an anonymously run Telegram channel called BlackMirror.
👉🏼 Read more:
https://www.theguardian.com/world/2019/nov/01/emails-about-russia-2018-world-cup-bid-being-offered-online
#BlackMirror #emails #russia #worldcup #fifa
The Mueller Report’s Secret Memos
BuzzFeed News sued the US government to see all the work that Mueller’s team kept secret. We have published the first installment, with revelations about the Ukraine conspiracy theory.
👀 PDF:
https://assets.documentcloud.org/documents/6537542/LEOPOLD-BUZZFEED-NEWS-FBI-Mueller-302s-FOIA.pdf
👉🏼 Read more:
https://www.buzzfeednews.com/article/jasonleopold/mueller-report-secret-memos-1
#FBI #Mueller #report #pdf
A network of ‘camgirl’ sites exposed millions of users and sex workers
A number of popular “camgirl” sites have exposed millions of sex workers and users after the company running the sites left the back-end database unprotected.
The sites, run by Barcelona-based VTS Media, include amateur.tv, webcampornoxxx.net, and placercams.com. Most of the sites’ users are based in Spain and Europe, but we found evidence of users across the world, including the United States.
According to Alexa traffic rankings, amateur.tv is one of the most popular in Spain.
The database, containing months-worth of daily logs of the site activities, was left without a password for weeks. Those logs included detailed records of when users logged in — including usernames and sometimes their user-agents and IP addresses, which can be used to identify users. The logs also included users’ private chat messages with other users, as well as promotional emails they were receiving from the various sites. The logs even included failed login attempts, storing usernames and passwords in plaintext. We did not test the credentials as doing so would be unlawful.
The exposed data also revealed which videos users were watching and renting, exposing kinks and private sexual preferences.
In all, the logs were detailed enough to see which users were logging in, from where, and often their email addresses or other identifiable information — which in some cases we could match to real-world identities.
Not only were users affected, the “camgirls” — who broadcast sexual content to viewers — also had some of their account information exposed.
The database was shut off last week, allowing us to publish our findings.
👉🏼 Read more:
https://techcrunch.com/2019/11/03/camgirl-network-exposed-millions-users
#leak #spain #sexcam #network #exposed
Nebulo – DNS over HTTPS/TLS: Our Interview with the Developer
Nebulo – DNS over HTTPS/TLS is a small but neat Android app to make the internet a little bit safer for us. It is also an interesting option for users who just want less advertising on their devices. Many interesting questions have come together thanks to the help of our readers.
Nebulo – DNS over HTTPS/TLS 👀
As mentioned before, Nebulo comes with a few features that can be quite practical for us in everyday life.
💡 one-time configuration at the beginning, after that you don’t have to worry about anything anymore
💡 the provider promises: no advertising and no tracking!
💡 own servers can be specified
💡 comparatively low battery consumption, which is important for smartphone users
💡 also works without root.
If you like, you can take an active part in the Nebulo Telegram support group. There you can always find the latest app version to download, report bugs and make suggestions. Nebulo can also be found in the Google Play Store, on F-Droid, in Aurora Droid, and on GitLab.
Daniel Wolf and the Nebulo DNS App: our interview with the developer
Tarnkappe.info: Daniel, why do you concentrate on Android? Because it’s the better mobile OS? Or because it was easier to develop the DNS changer app for it, or get it approved by the app store operator?
Daniel Wolf: That’s a quick question to answer. Before I made Android apps, I programmed with Java. I also had an Android mobile phone, so the choice was obvious.
DNS Changer itself was created because I needed it myself.
👉🏼 Read more:
https://tarnkappe.info/nebulo-dns-over-https-tls-our-interview-with-the-developer/
#Nebulo #App #DNS #changer #interview