Xiaomi Devices Found Tracking And Recording Browsing Data Of Millions
The tracking extends to the browser's Incognito mode as well!
Xiaomi has been tracking and recording an insane amount of private data, from users' phone habits to queries in Xiaomi's default browsers.
According to a cybersecurity researcher, Cirlig, Xiaomi records all the search queries and items viewed on its default browser (Mi Browser Pro) as well as on the Mint browser. The tracking extends to Incognito mode as well.
The researcher was able to confirm the same pattern on other Xiaomi phones, including Mi 10, Redmi K20, and Mi MIX 3.
Xiaomi, in response, confirmed that it collects browsing data. However, the company says the data sent is anonymized, and users have consented to the data tracking. Meanwhile, it denied claims of information being monitored in Incognito mode.
The researcher, however, was able to prove that Xiaomi is recording Incognito mode data as well. In a video, he showcases how the information of him visiting a porn website in incognito mode is being sent to the servers.
Read more:
https://fossbytes.com/xiaomi-devices-found-tracking-and-recording-browsing-data-of-millions/
#PoC #Xiaomi #spy #logging #browser #why #thinkabout
@cRyPtHoN_INFOSEC_DE
@cRyPtHoN_INFOSEC_EN
@BlackBox_Archiv
@FLOSSb0xIN
Ubuntu has full access to your Google Account
Beware of this security bug if you are using Chromium Browser on Ubuntu
I am not the kind of dude who's too nerdy about IT security in general but I reviewed my Google Account's security today because I happened to land there as I wanted to change some other Google setting. Now what I saw literally shocked me.
I happen to use a handful of apps where I use my Google account but the permissions are limited to what they do (for example, the Car Driving Simulator app can only access the Google Play Service and nothing else). However, this app called "Ubuntu" has full access to my Google account which I thought was odd.
Though I happen to use an Ubuntu OS (18.04 LTS to be precise), they don't seem to be the kind who will hijack permissions to their users' Google accounts. Further research led me to this and this which are eye-opening posts in this regard, and then it struck me that I also use the Chromium Browser installed right from the Ubuntu repos using apt!
I also remember signing into Chromium browser so as to sync my bookmarks, etc. with my Android phone. Just to verify, I removed the access to Ubuntu and for sure, the sync feature on my browser suddenly stopped and I was temporarily signed out. So, I signed into Chromium again and that permission (Ubuntu Has full access!) came up again at its place. Now, I understand that it's Chromium and not Ubuntu who is given permissions here, but there are a few problems (or rather a bug) with this workflow:
Read more:
https://techtudor.blogspot.com/2020/05/ubuntu-has-full-access-to-your-google.html
#ubuntu #linux #google #DeleteGoogle #privacy #security #chrome #browser
Telegram Piracy Channels Face Blocking After Italian Prosecutor Issues Emergency Order
An emergency order signed by a deputy prosecutor in Italy has been delivered to local telecoms watchdog AGCOM. It requires Telegram to shut down 19 channels involved in the illegal distribution of newspapers, periodicals and books. In the event the chat platform fails to cooperate, ISPs could be required to block the channels or, in the extreme, block Telegram completely.
Instant messaging platform Telegram has an estimated 400 million users who use the service to communicate on a limitless number of topics. It is also used for piracy purposes, which has resulted in criticism from copyright holders.
In Italy, significant pressure has been building following complaints from the Federation of Newspaper Publishers (FIEG). According to the association, a sample of 10 Telegram channels, that are specifically used for the illicit distribution of newspapers, have around 580,000 users obtaining copyrighted content without permission.
"The estimate of the losses suffered by publishing companies is alarming," FIEG President Andrea Riffeser Monti complained earlier this month.
"In a highly conservative hypothesis, we estimate €670 thousand per day, approximately €250 million per year: a figure which I trust that the sector authority wants to intervene against firmly and promptly."
In light of soaring illicit consumption during the coronavirus pandemic, FIEG said that it had asked local telecoms watchdog AGCOM, which has site-blocking powers, to take "exemplary and urgent measures" against Telegram, which stands accused of not doing enough to tackle piracy. It is a position supported by the European Newspaper Publishers' Association (ENPA).
Read more:
https://torrentfreak.com/telegram-piracy-channels-face-blocking-as-italian-prosecutor-issues-emergency-order-200427
#Telegram #piracy #blocking #prosecutor #AGCOM #ENPA
Secret Service: Norway plans surveillance of Internet traffic
The Norwegian government is pushing for a new surveillance law despite the pandemic. The secret service is to be allowed to store metadata from telephone and internet use for 18 months.
While the European public is preoccupied with the corona virus, the Norwegian government has sent a proposal for mass surveillance of telecommunications to parliament without much fuss. The new law would allow the Norwegian Foreign Intelligence Service to eavesdrop on any communication with foreign countries and to store metadata for up to 18 months.
Norwegian providers will be legally obliged to have the secret service mirror all cross-border data transfers. The secret service may, with the consent of a court, evaluate the data according to defined search criteria, so-called selectors.
The focus is on foreign contacts, the government says: data from within the country should be filtered out as far as possible. But even if some data is filtered, most communication on the Internet runs via servers in other countries. Metadata such as IP addresses of website calls would be stored millions of times over under the law, as would telephone numbers and the duration of calls abroad.
Defense Minister Frank Bakke-Jensen considers the law to be unpostponable even in the pandemic. "Although the government's main concern at the moment is how to deal with the coronavirus situation, we must continue to work on other important issues," he said in writing in response to an inquiry from netzpolitik.org.
PDF:
https://www.regjeringen.no/contentassets/b7bada5f31bc482092318df675a2019d/no/pdfs/prp201920200080000dddpdfs.pdf
Read more (German):
https://netzpolitik.org/2020/norwegen-plant-ueberwachung-des-internetverkehrs/
#Norway #surveillance #internet #spy #SecretService #pdf #thinkabout
Keep your email safe from hackers and trackers
Make an email alias with 1 click, and keep your address to yourself.
How does using an alias protect me?
Do you worry about giving away your email address? Sick of receiving emails you never signed up for? Do those unsubscribe links really work? By using aliases, you keep your real email off spam lists and away from sketchy companies you may not trust.
How does Private Relay work?
When a form requires your email address, click the relay button to give an alias instead. We will forward emails from the alias to your real inbox.
Take back control of your Inbox.
If any alias starts to receive emails you don't want, you can disable it or delete it completely.
https://relay.firefox.com/
#firefox #mozilla #browser #mail #private #relay
Me on COVID-19 Contact Tracing Apps
"My problem with contact tracing apps is that they have absolutely no value," Bruce Schneier, a privacy expert and fellow at the Berkman Klein Center for Internet & Society at Harvard University, told BuzzFeed News. "I'm not even talking about the privacy concerns, I mean the efficacy. Does anybody think this will do something useful? ... This is just something governments want to do for the hell of it. To me, it's just techies doing techie things because they don't know what else to do."
I haven't blogged about this because I thought it was obvious. But from the tweets and emails I have received, it seems not.
This is a classic identification problem, and efficacy depends on two things: false positives and false negatives.
False positives:
Any app will have a precise definition of a contact: let's say it's less than six feet for more than ten minutes. The false positive rate is the percentage of contacts that don't result in transmissions. This will be because of several reasons. One, the app's location and proximity systems -- based on GPS and Bluetooth -- just aren't accurate enough to capture every contact. Two, the app won't be aware of any extenuating circumstances, like walls or partitions. And three, not every contact results in transmission; the disease has some transmission rate that's less than 100% (and I don't know what that is).
False negatives:
This is the rate the app fails to register a contact when an infection occurs. This also will be because of several reasons. One, errors in the app's location and proximity systems. Two, transmissions that occur from people who don't have the app (even Singapore didn't get above a 20% adoption rate for the app). And three, not every transmission is a result of that precisely defined contact -- the virus sometimes travels further.
Assume you take the app out grocery shopping with you and it subsequently alerts you of a contact. What should you do? It's not accurate enough for you to quarantine yourself for two weeks. And without ubiquitous, cheap, fast, and accurate testing, you can't confirm the app's diagnosis. So the alert is useless.
Similarly, assume you take the app out grocery shopping and it doesn't alert you of any contact. Are you in the clear? No, you're not. You actually have no idea if you've been infected.
The end result is an app that doesn't work. People will post their bad experiences on social media, and people will read those posts and realize that the app is not to be trusted. That loss of trust is even worse than having no app at all.
It has nothing to do with privacy concerns. The idea that contact tracing can be done with an app, and not human health professionals, is just plain dumb.
Read more:
https://www.schneier.com/blog/archives/2020/05/me_on_covad-19_.html
#coronavirus #apps #tracing #tracking #privacy
Monitoring COVID-19 from hospital to home: First wearable device continuously tracks key symptoms
Wireless sensor gently sits on throat to monitor coughs, fever and respiratory activity
EVANSTON, Ill. - The more we learn about the novel coronavirus (COVID-19), the more unknowns seem to arise. These ever-emerging mysteries highlight the desperate need for more data to help researchers and physicians better understand - and treat - the extremely contagious and deadly disease.
Researchers at Northwestern University and Shirley Ryan AbilityLab in Chicago have developed a novel wearable device and are creating a set of data algorithms specifically tailored to catch early signs and symptoms associated with COVID-19 and to monitor patients as the illness progresses.
Capable of being worn 24/7, the device produces continuous streams of data and uses artificial intelligence to uncover subtle, but potentially life-saving, insights. Filling a vital data gap, it continuously measures and interprets coughing and respiratory activity in ways that are impossible with traditional monitoring systems.
Developed in an engineering laboratory at Northwestern and using custom algorithms being created by Shirley Ryan AbilityLab scientists, the devices are currently being used at Shirley Ryan AbilityLab by COVID-19 patients and the healthcare workers who treat them. About 25 affected individuals began using the devices two weeks ago. They are being monitored both in the clinic and at home, totaling more than 1,500 cumulative hours and generating more than one terabyte of data.
Read more:
https://news.northwestern.edu/stories/2020/04/monitoring-covid-19-from-hospital-to-home-first-wearable-device-continuously-tracks-key-symptoms
#coronavirus #wearable #tracing #tracking #privacy
Companies overestimate their security
There are two types of companies: Those who know they've been hacked and those who don't. The actual security situation is even worse than is generally known and many attacks go undetected.
Mandiant Security Effectiveness Report 2020 - Deep Dive into Cyber Reality
PDF:
https://www.fireeye.com/current-threats/annual-threat-report/security-effectiveness-report.html
#FireEye #cyber #security #report #pdf
Coronavirus and cyberattacks: 2020 campaigns already being hacked, experts warn
President Trump signed an executive order to protect the power grid from hackers last week, but experts warn that the 2020 campaign cycle has already suffered cyberattacks.
Elections large and small are looming in an increasingly work-from-home and social-distancing environment, one that has forced many campaigns (like most Americans) to conduct their day-to-day operations remotely. That has created a perfect opportunity for bad actors online, experts warn, and it could pose an unprecedented threat to the integrity of the U.S. elections.
"This is an ongoing battle that will be going on right up until Election Day," cybersecurity expert Michael Kaiser told Fox News.
Kaiser is president and CEO of Defending Digital Campaigns (DDC), a bipartisan group comprised of both presidential campaign staff and cybersecurity professionals that advises federal-level campaigns and staff about all things cybersecurity.
Campaigns are able to learn about and obtain things like encryption services at cost or for free with DDC's assistance. These kinds of protections have become increasingly valuable as town halls and fundraising dinners shift to online platforms like Zoom and as campaigns share sensitive information with each other online.
Read more:
https://www.foxnews.com/politics/coronavirus-cyberattacks-2020-campaigns-already-being-hacked
#coronavirus #cyberattacks #election #campaigns #USA
Telegram's TON OS to Go Open Source on GitHub Tomorrow
Telegram's blockchain operating system, TON OS, which is planned for launch on Google Play market and Apple's AppStore, will be open sourced tomorrow.
Telegram recently delayed their open network, TON, and their cryptocurrency, GRAM, once again. There is one related project that has not experienced these setbacks, however. TON OS, an operating system for the TON blockchain, will soon get an open source release.
The project's core infrastructure developers, TON Labs, are planning to open source the main components of the TON OS on GitHub tomorrow. Mitja Goroshevsky, CTO at TON Labs, confirmed the news to Cointelegraph on May 6.
TON Labs to issue a token known as TON Cash within a month
As reported by industry publication, ForkLog, the release includes TON Node in the Rust programming language, command line interface, TON Multisignature Wallet smart contract, as well as tools for launching TON validators. The report notes that within a month, TON Labs also plans to issue its decentralized browser, Surf, its staking pool, DePool, and the token known as TON Cash.
In conjunction with the TON OS open source release, TON Labs is joining the Free Software Foundation (FSF), a major free software movement. As such, all the components of the TON OS are being launched as free software. According to the developers, the idea of a permissionless blockchain in a closed source is absurd. TON Labs reportedly felt that joining the FSF will help them maintain free use of the application as well as the TON blockchain.
Read more:
https://cointelegraph.com/news/telegrams-ton-os-to-go-open-source-on-github-tomorrow
https://www.bitcoinisle.com/2020/05/06/telegrams-ton-os-to-go-open-source-on-github-tomorrow/
https://criptotendencia.com/2020/05/07/solo-horas-para-el-lanzamiento-de-ton-os-el-sistema-operativo-de-telegram/
#tg #telegram #TON #OS #OpenSource #GitHub
The Great Hack
The #Cambridge #Analytica #scandal is examined through the roles of several affected persons.
#docu #video #thinkabout
Riot Web 1.6, RiotX Android 0.19 & Riot iOS 0.11 - E2E Encryption by Default & Cross-signing is here!!
Hi folks,
We are incredibly excited to present the biggest change in Riot ever: as of the last 24 hours we are enabling end-to-end encryption by default for all new non-public conversations, together with a complete rework of Riot's user experience around E2E encryption, powered by a whole new suite of encryption features in Matrix. We have released this simultaneously on Web, Desktop, iOS and RiotX Android!
Web:
https://riot.im/app
Desktop:
https://riot.im/download/desktop/
iOS:
https://apps.apple.com/us/app/riot-im/id1083446067
RiotX Android:
https://play.google.com/store/apps/details?id=im.vector.riotx
More info:
https://blog.riot.im/e2e-encryption-by-default-cross-signing-is-here/
#riot #matrix #messenger #e2e #encryption #android #iOS
Fido: Full ISO Download Script (for Windows retail ISOs)
Fido is a PowerShell script that is primarily designed to be used in Rufus, but that can also be used in standalone fashion, and whose purpose is to automate access to the official Microsoft Windows retail ISO download links.
Description
This script exists because, while Microsoft does make retail ISO download links freely and publicly available (at least for Windows 8 and Windows 10), it only does so after actively forcing users to jump through a lot of unwarranted hoops, that create an exceedingly counterproductive, if not downright unfriendly, consumer experience and that greatly detract from what people really want (direct access to ISO downloads).
As to the reason one might want to download Windows retail ISOs, as opposed to the ISOs that are generated by Microsoft's own Media Creation Tool (MCT), this is because using official retail ISOs is currently the only way to assert with absolute certainty that the OS content has not been altered. Indeed, because there only exists a single master for each of them, Microsoft retail ISOs are the only ones you can obtain an official SHA-1 for (from MSDN, if you have access to it, or from sites such as this one) allowing you to be 100% sure that the image you are using has not been corrupted and is safe to use.
How it works
The script basically performs the same operation as one might perform when visiting either of the following URLs (that is, provided that you have also changed your User-Agent browser string, since, when they detect that you are using a version of Windows that is the same as the one you are trying to download, the Microsoft web servers at these addresses redirect you away from the pages that allow you to download retail ISOs):
https://www.microsoft.com/software-download/Windows8ISO
https://www.microsoft.com/software-download/Windows10ISO
After visiting those with a full browser (Internet Explorer, running through the Invoke-WebRequest PowerShell Cmdlet), to confirm that they are accessible, the script then queries the web API from the Microsoft servers to first request the language selection available for the version of Windows selected by the user, and then request the actual download links for all the architectures available for that specific combination of version + language.
Read more:
https://github.com/pbatard/Fido
#Fido #script #PowerShell #Rufus #Windows #download #ISO #retail
Apple plans to shift 20% of production capacity from China to India, eying $40 billion export revenue
The iPhone maker is currently looking to scale up its local manufacturing revenues as it seeks alternatives to China for shifting its production facility.
New Delhi: Amid the coronavirus pandemic which originated from Wuhan, several companies are looking to move out of China. Tech giant Apple is planning to shift nearly one-fifth of its production capacity from China to India. As per reports, Apple's senior executives and Indian government's top-ranking officials have discussed the move over the last few days.
The iPhone maker is currently looking to scale up its local manufacturing revenues. Amid the pandemic, Apple is seeking alternatives to China for shifting its production. An official familiar with the matter told Economic Times (ET) that Apple is looking to scale its local revenue to $40 billion over the next five years.
"We expect Apple to produce up to $40 billion worth of smartphones, mostly for exports through its contract manufacturers Wistron and Foxconn, availing the benefits under the production-linked incentive (PLI) scheme," the business daily quoted a senior government official as saying.
Government's PLI scheme:
Because of the coronavirus crisis, several companies are looking to move out of China. In fact, Japan has announced a $2.2 billion monetary support for its businesses to shift its manufacturing and production out of China. The US is expected to do the same. India is hoping to attract some of these global companies looking to shift from China. In March, the government had notified three schemes with incentives totalling Rs 48,000 crore to boost mobile phone manufacturing in the country. The dominant production-linked incentive (PLI) scheme has a share of close to Rs 41,000 crore with sops to be spread over three years.
Read more:
https://www.timesnownews.com/business-economy/companies/article/apple-plans-to-shift-20-of-production-capacity-from-china-to-india-eying-40-billion-export-revenue/590043
#apple #china #india #coronavirus
Over 4000 Android Apps Expose Users' Data via Misconfigured Firebase Databases
More than 4,000 Android apps that use Google's cloud-hosted Firebase databases are 'unknowingly' leaking sensitive information on their users, including their email addresses, usernames, passwords, phone numbers, full names, chat messages and location data.
The investigation, led by Bob Diachenko from Security Discovery in partnership with Comparitech, is the result of an analysis of 15,735 Android apps, which comprise about 18 percent of all apps on Google Play store.
"4.8 percent of mobile apps using Google Firebase to store user data are not properly secured, allowing anyone to access databases containing users' personal information, access tokens, and other data without a password or any other authentication," Comparitech said.
The full contents of the database, spanning across 4,282 apps, included:
Email addresses: 7,000,000+
Usernames: 4,400,000+
Passwords: 1,000,000+
Phone numbers: 5,300,000+
Full names: 18,300,000+
Chat messages: 6,800,000+
GPS data: 6,200,000+
IP addresses: 156,000+
Street addresses: 560,000+
Read more:
https://thehackernews.com/2020/05/android-firebase-database-security.html
#android #app #google #playstore #firebase #database #security #breach #leak
Bill Gates' Plan to Vaccinate the World
In January of 2010, Bill and Melinda Gates announced a $10 billion pledge to usher in a decade of vaccines. But far from an unalloyed good, the truth is that this attempt to reorient the global health economy was part of a much bigger agenda. An agenda that would ultimately lead to greater profits for Big Pharma companies, greater control for the Gates Foundation over the field of global health, and greater power for Bill Gates to shape the course of the future for billions of peop
https://www.corbettreport.com/gatesvaccine/
mp3:
https://www.corbettreport.com/mp3/episode378_gates_vaccine.mp3
#corbettreport #gates #video #podcast
The end is near (from Google Play Music): Transfer to YouTube Music
Google Play Music is discontinued, but the company now offers a transfer to YouTube Music.
Over the past few years, we have enhanced YouTube Music to deliver a comprehensive listening experience, and have also added features to make Google Play Music users feel right at home. Starting today, we're excited to officially begin inviting Google Play Music listeners to effortlessly transfer their music libraries, personal taste preferences and playlists to YouTube Music, their new home for music listening and discovery.
For now, users will continue to have access to both services. We want to ensure everyone has time to transfer their content and get used to YouTube Music, so we'll provide plenty of notice ahead of users no longer having access to Google Play Music later this year.
Read more:
https://youtube.googleblog.com/2020/05/youtube-music-transfer-google-play-music-library.html
#Google #DeleteGoogle #YouTube #music #discontinued
Screen New Deal - Under Cover of Mass Death, Andrew Cuomo Calls in the Billionaires to Build a High-Tech Dystopia
For a few fleeting moments during New York Gov. Andrew Cuomo's daily coronavirus briefing on Wednesday, the somber grimace that has filled our screens for weeks was briefly replaced by something resembling a smile.
"We are ready, we're all-in," the governor gushed. "We are New Yorkers, so we're aggressive about it, we're ambitious about it. … We realize that change is not only imminent, but it can actually be a friend if done the right way."
The inspiration for these uncharacteristically good vibes was a video visit from former Google CEO Eric Schmidt, who joined the governor's briefing to announce that he will be heading up a blue-ribbon commission to reimagine New York state's post-Covid reality, with an emphasis on permanently integrating technology into every aspect of civic life.
"The first priorities of what we're trying to do," Schmidt said, "are focused on telehealth, remote learning, and broadband. … We need to look for solutions that can be presented now, and accelerated, and use technology to make things better." Lest there be any doubt that the former Google chair's goals were purely benevolent, his video background featured a framed pair of golden angel wings.
Just one day earlier, Cuomo had announced a similar partnership with the Bill and Melinda Gates Foundation to develop "a smarter education system." Calling Gates a "visionary," Cuomo said the pandemic has created "a moment in history when we can actually incorporate and advance [Gates's] ideas … all these buildings, all these physical classrooms – why with all the technology you have?" he asked, apparently rhetorically.
It has taken some time to gel, but something resembling a coherent Pandemic Shock Doctrine is beginning to emerge. Call it the "Screen New Deal." Far more high-tech than anything we have seen during previous disasters, the future that is being rushed into being as the bodies still pile up treats our past weeks of physical isolation not as a painful necessity to save lives, but as a living laboratory for a permanent – and highly profitable – no-touch future.
Read more:
https://theintercept.com/2020/05/08/andrew-cuomo-eric-schmidt-coronavirus-tech-shock-doctrine/
#coronavirus #HighTech #Dystopia #surveillance #SurveillanceCapitalism #thinkabout
Huawei HKSP Introduces Trivially Exploitable Vulnerability
5/11/2020 Update: We were contacted this morning by Huawei PSIRT who referenced an email by the patch author to the KSPP list: https://www.openwall.com/lists/kernel-hardening/2020/05/10/3 and stated that "The patchset is not provided by Huawei official but an individual. And also not used in any Huawei devices." They asked if we would update the description of the article to correct this information.
Based on publicly-available information, we know the author of the patch is a Huawei employee, and despite attempts now to distance itself from the code after publication of this post, it still retains the Huawei naming. Further, on information from our sources, the employee is a Level 20 Principal Security staffer, the highest technical level within Huawei.
The Github repository mentioned in the article had a commit added to it this morning that inserted a notice to the top of the README file, distancing the code from Huawei. This commit was (intentionally or not) backdated to Friday when the repository was created, creating the impression that we somehow intentionally ignored pertinent information that was readily available. This is obviously untrue, and examining the contents of https://api.github.com/repos/cloudsec/hksp/events proves the commit was pushed to the repo this morning.
We replied to Huawei PSIRT's mail and mentioned that we'd be fine with mentioning the patches aren't shipping on any Huawei devices (I believed it already to be unlikely given the poor code quality), but regarding the other claim (particularly due to the surreptitious Github repo edit), we'd have to also include the additional information we discovered.
Read more:
https://grsecurity.net/huawei_hksp_introduces_trivially_exploitable_vulnerability
https://www.openwall.com/lists/kernel-hardening/2020/05/10/3
https://api.github.com/repos/cloudsec/hksp/events
#huawei #PSIRT #hksp #exploitable #kernel #hardening #vulnerability
The StartPage.com interview: please submit your questions!
Deadline for questions to StartPage.com runs until 1 June!
Last week, press spokesman Jörg Bauer called me because he wanted to complain about the content of Sunny's article more than five months after its publication. He would never act for a data octopus, he assured me. Our presentation was misleading or simply incorrect in some points. Since nobody can remember a catalogue of points of criticism presented by telephone, I asked for a transmission by e-mail. But before he could do that, we developed the idea for a community interview. It makes much more sense to ask open questions yourself instead of overloading an ancient contribution with additions. Mr. Bauer thinks the idea is good and immediately agreed to the action.
Let's get this done!
Everyone can now participate to their heart's content. There are many things that can be addressed. If the answers from Startpage.com are too evasive, we would then go back and ask questions. Several times if necessary. But hopefully this will not be necessary.
Please keep in mind: Ask your questions in a consistently constructive manner! With hostility or the like we will not get anywhere. Either way, the deadline will expire on 1.6.2020. Unfortunately we cannot accept any further questions after that date. As usual, we will sort the questions according to their content, work on them, add our own ideas and send them to you. We hope for a lively participation in this exciting topic.
Please ask your questions in one of the following TG-Groups:
@BlackBox▪️Security
or
@NoGoolag
Please mark your questions with #startpage
Read more (German):
https://tarnkappe.info/die-suchmaschine-startpage-com-im-interview-bitte-fragen-einreichen/
#startpage #interview
butter_bot - Telegram Bot for managing groups
I manage your telegram groups. I use TLG_JoinCaptchaBot for captchas.
Features:
bot protection: verify new users with captchas, auto kick spamming bots
log protection: let me manage your invitation links; bots can not even join your group
notes: add notes for your user
connect: manage your group settings in private
auto-delete: I do not spam your group, messages are automatically deleted
Log Protection
You probably never saw a log protection like that before (I didn't).
Any usual bot-protection solution verifies "users" after they joined your group. Any bad bot can dump your whole group history before it fails the verification.
This solution verifies users before they can join your group!
Set your group to private
Activate Log Protection with /protection
Tell users to ask me for an invitation link in private chat
I will create an invitation link for the user if he passes the captcha
I revoke the invitation link after a timeout, or after the user joined your group
Only the verified user can join your group. If another user uses the generated link, I will kick him and revoke the link
ButterBot TG Channel:
https://t.iss.one/butter_bot_info
ButterBot on GitHub:
https://github.com/v1nc/butter_bot
#butterbot #tg #group #bot #v1nc
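The verify-before-join flow described in the Log Protection steps above, as an added Python model that is not butter_bot's own code. The class and method names, the in-memory state and the 120-second timeout are assumptions made for illustration; on Telegram the user check runs when the join event arrives, which is why a wrong user is kicked rather than blocked.

```python
import secrets
import time
from dataclasses import dataclass, field


@dataclass
class Invite:
    token: str
    user_id: int        # the only account allowed to use this link
    expires_at: float


@dataclass
class LogProtectedGroup:
    """Hypothetical in-memory model of a private group with verify-before-join."""
    link_ttl: float = 120.0                       # assumed timeout in seconds
    members: set = field(default_factory=set)
    invites: dict = field(default_factory=dict)   # token -> Invite
    audit: list = field(default_factory=list)     # (event, user_id) tuples

    def _revoke(self, token, reason):
        invite = self.invites.pop(token, None)
        if invite is not None:
            self.audit.append(("revoked:" + reason, invite.user_id))

    def expire(self, now=None):
        """Revoke every link whose timeout has passed."""
        now = time.time() if now is None else now
        for tok in [t for t, i in self.invites.items() if i.expires_at <= now]:
            self._revoke(tok, "timeout")

    def request_invite(self, user_id, captcha_passed, now=None):
        """Private-chat step: a link is issued only after the captcha is solved."""
        now = time.time() if now is None else now
        if not captcha_passed:
            self.audit.append(("captcha_failed", user_id))
            return None
        # Keep at most one outstanding link per user.
        for tok in [t for t, i in self.invites.items() if i.user_id == user_id]:
            self._revoke(tok, "superseded")
        token = secrets.token_urlsafe(16)
        self.invites[token] = Invite(token, user_id, now + self.link_ttl)
        self.audit.append(("issued", user_id))
        return token

    def join(self, user_id, token, now=None):
        """Join event: the link must be live and bound to this exact user."""
        now = time.time() if now is None else now
        self.expire(now)
        invite = self.invites.get(token)
        if invite is None:
            # Unknown, expired or already used link: no history is exposed.
            self.audit.append(("rejected", user_id))
            return "rejected"
        if invite.user_id != user_id:
            # Link was shared or leaked: kick the stranger and burn the link.
            self._revoke(token, "wrong_user")
            self.audit.append(("kicked", user_id))
            return "kicked"
        self._revoke(token, "joined")   # single use
        self.members.add(user_id)
        return "joined"
```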