Octopus - an alternate OpenPGP backend for Thunderbird built on top of Sequoia
We are thrilled to release the first version of the Octopus, an alternate OpenPGP backend for Thunderbird built on top of Sequoia.
The Octopus is a drop-in replacement for RNP, the OpenPGP library shipped with Thunderbird 78. In addition to providing all of the RNP functionality that Thunderbird uses, the Octopus also includes a number of enhancements. These fall into several categories. The Octopus restores some functionality that was present in Enigmail, but was removed or has not yet been reimplemented in Thunderbird’s OpenPGP integration. In particular, the Octopus uses GnuPG’s keystore, interacts with gpg-agent, integrates GnuPG’s web of trust information, and updates certificates in the background.
The Octopus includes a number of security fixes and improvements. For instance, it fixes Thunderbird’s insecure message composition, and automatically encrypts in-memory secret key material at rest. The Octopus adds a few performance improvements, such as parsing the keyring in the background and using multiple threads. And the Octopus has better support for parsing less usual, but not necessarily esoteric, certificates and keys.
https://sequoia-pgp.org/blog/2021/04/08/202103-a-new-backend-for-thunderbird/
#thunderbird #octopus #sequoia #OpenPGP #GnuPG #encryption #backend
📡 @nogoolag 📡 @blackbox_archiv
sequoia-pgp.org
Sequoia: Super Powering End-to-End Email Encryption in Mozilla Thunderbird
Sequoia is a modular OpenPGP implementation in Rust.
No password required: Mobile carrier exposes data for millions of accounts
Q Link Wireless made data available to anyone who knows a customer's phone number.
Q Link Wireless, a provider of low-cost mobile phone and data services to 2 million US-based customers, has been making sensitive account data available to anyone who knows a valid phone number on the carrier’s network, an analysis of the company’s account management app shows.
Dania, Florida-based Q Link Wireless is what’s known as a Mobile Virtual Network Operator, meaning it doesn’t operate its own wireless network but rather buys services in bulk from other carriers and resells them. It provides government-subsidized phones and service to low-income consumers through the FCC’s Lifeline Program. It also offers a range of low-cost service plans through its Hello Mobile brand. In 2019, Q Link Wireless said it had 2 million customers.
The carrier offers an app called My Mobile Account (for both iOS and Android) that customers can use to monitor text and minutes histories, data and minute usage, or to buy additional minutes or data.
https://arstechnica.com/information-technology/2021/04/no-password-required-mobile-carrier-exposes-data-for-millions-of-accounts/
https://www.reddit.com/r/NoContract/comments/mkolj5/critical_security_issue_with_hellomobile_account/
#usa #data #leak #qlinkwireless #mobile #carrier
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag
Texas man charged with planning to blow up Amazon data center in Virginia
The Wichita Falls man was arrested Thursday after receiving a fake bomb from an FBI undercover employee.
The FBI arrested a Texas man Thursday on charges of hatching a plan to blow up an Amazon data center in Virginia.
Seth Aaron Pendley, 28, of Wichita Falls was taken into custody Thursday after receiving what he thought was a bomb from a like-minded person, but it was actually a dud provided by an FBI undercover employee.
Court documents say Pendley came to the FBI’s attention after agents received a tip that he was posting alarming statements on a forum popular with militia groups, mymilitia.com. He began communicating through an encrypted messaging app with another person, who told the FBI that Pendley planned to use plastic explosives to attack the tech company’s data centers “to kill about 70% of the internet.”
https://www.nbcnews.com/politics/justice-department/texas-man-charged-planning-blow-amazon-data-center-virginia-n1263663
http://telegra.ph/Texas-Man-Charged-With-Intent-to-Attack-Data-Centers-04-09
via www.justice.gov
#usa #virginia #amazon #DeleteAmazon #datacenter #attack #fbi
Solid Benefits of Authentication Without Passwords: Passwordless Identity Platforms Simply Explained
This technology guide from idemeum will help us first take a look at the current state of password-based authentication, and then we'll dig into various technologies that can help you go passwordless with your apps.
Password-based world
Digital identity is so critical to everything we do online, yet it gets compromised in almost every cyber security breach. Every now and then we would hear the news and learn about yet another data breach where identity compromise would be at the core of it. But not everybody is willing to accept the simple truth - we are not equipped with the proper tools to protect our identity. We keep using old inefficient architectures and tools that were invented decades ago.
The first passwords probably arrived at the Massachusetts Institute of Technology in the mid-1960s, when researchers at the university built a massive time-sharing computer called CTSS. The punchline is that even then, passwords didn't protect users as well as they could have.
Fast forward 60 years and we are still using the same "strings of characters" that can ruin our lives and reveal everything about us. Your email. Your bank account. Your files. Your private photos. Your location. No matter how complex, no matter how unique, our passwords can no longer protect us. We constantly try to patch passwords, but we are unsuccessful. Take Multi-Factor Authentication as an example. Despite the obvious benefits, users are still leveraging it on a selective basis due to the significant user experience friction that it introduces.
https://hackernoon.com/solid-benefits-of-authentication-without-passwords-passwordless-identity-platforms-simply-explained-x11033xx
https://idemeum.com/
#idemeum #password #authentication #passwordless
Hackernoon
Solid Benefits of Authentication Without Passwords: Passwordless Identity Platforms Simply Explained | HackerNoon
First take a look at the current state of password-based authentication, and then we’ll dig into various technologies that can enable passwordless.
A $2 Billion Government Surveillance Lab Created Tech That Guesses Your Name By Simply Looking At Your Face
Ever struggle with putting a name to a face? There’s an app for that.
It was created and patented by one of the U.S. government’s most trusted surveillance labs, the nonprofit research center Mitre Corp. The organization is like James Bond’s Q lab but for the whole of the federal government. The Virginia-based Skunk Works has in the past churned out autonomous surveillance drones, smartwatch hacking tech and tools to take fingerprints from social media images. And Forbes has found a previously unreported patent that seeks to boost facial recognition technology by guessing someone’s name by just looking at their face’s characteristics.
It might sound like sorcery, but the tech stems from previous research from Hebrew University of Jerusalem that suggested a person’s name may be reflected in his facial appearance, a phenomenon dubbed “The Dorian Gray effect,” so named after Oscar Wilde’s eponymous antihero. In their study, they found that people could often guess the name of a person when presented with five different options. Participants accurately picked the right name in 28.21% of the cases, higher than the expected 20%. When a computer, trained on a data set of 100,000 faces, was given two different names and a face, it was right 59% of the time, higher than the 50% one would expect from random guesses.
These findings, said the researchers, indicated that both humans and computers were able to look at a face and have a better chance of matching the correct name to it than the wrong one. They suggested that this could be down to the way a name affects a person’s life: “We propose that one’s given name may have a Dorian Gray effect on one’s face. Our given name is our very first social tagging. Each name has associated characteristics, behaviors and a look, and as such, it has a meaning and a shared schema within a society. These name stereotypes include a prototypical facial appearance such that we have a shared representation for the ‘right’ look associated with each name. Over time, these stereotypical expectations of how we should look may eventually manifest in our facial appearance.”
https://www.forbes.com/sites/thomasbrewster/2021/04/08/a-2-billion-government-surveillance-lab-created-tech-that-guesses-your-name-by-simply-looking-at-your-face/
https://patentimages.storage.googleapis.com/02/cf/cf/270123ce4f9494/US20200026908A1.pdf
#usa #privacy #surveillance #MitreCorp #facial #recognition #thinkabout
Forbes
A $2 Billion Government Surveillance Lab Created Tech That Guesses Your Name By Simply Looking At Your Face
The ‘Dorian Gray effect,’ wherein your face can apparently give away clues as to your name, has been adopted by a U.S. government contractor for use in facial recognition applications.
Use the DuckDuckGo Extension to Block FLoC, Google’s New Tracking Method in Chrome
Google has created a new tracking method called FLoC, put it in Chrome, and automatically turned it on for millions of users.
💡 FLoC is bad for privacy: It puts you in a group based on your browsing history, and any website can get that group FLoC ID to target and fingerprint you.
You can use the DuckDuckGo Chrome extension (pending Chrome Web Store's approval of our update) to block FLoC's tracking, which is an enhancement to its tracker blocking and directly in line with the extension's single purpose of protecting your privacy holistically as you use Chrome.
DuckDuckGo Search (via our website duckduckgo.com) is now also configured to opt out of FLoC, regardless of whether you use our extension or app.
https://spreadprivacy.com/block-floc-with-duckduckgo/
https://www.theverge.com/2021/4/9/22376110/duckduckgo-privacy-floc-block-chrome-extension-advertising-tech
#ddg #DuckDuckGo #google #FLoC #chrome #browser #ad #targeting #tracking #cookies #DeleteGoogle
Spread Privacy
Use the DuckDuckGo Extension to Block FLoC, Google’s New Tracking Method in Chrome
Google has created a new tracking mechanism called FLoC, put it in Chrome, and automatically turned it on for millions of users. It's bad for privacy, which is why we're now blocking it in the DuckDuckGo extension.
Mining Bitcoin on the Game Boy
In this video, we attempt to mine Bitcoin on the original Game Boy using the Raspberry Pi Pico as a link-cable to USB adapter!
https://www.youtube.com/watch?v=4ckjr9x214c
#mining #bitcoin #gameboy #video
Why Logitech Just Killed the Universal Remote Control Industry
I had always wondered why no one has been able to solve the ‘too many remote controls’ problem: a living room cluttered with remotes and no way to figure out which one controls which device. As it turns out, the answer is… a monopoly! A few months ago, I got an email from a professional installer and BIG reader who told me about the company Logitech, a consumer electronics producer. “These remotes,” he told me, “can control a massive array of A/V devices including TVs, cable boxes, disc players, streaming boxes, amplifiers, and more recently IoT devices like lights, blinds, and plugs.”
Logitech’s products are pretty, but the actual quality of the software is terrible, which is the classic sign of a marketing-driven organization run by lazy executives. Logitech is a monopolist in the universal remote control space, which it acquired in 2004 when it purchased a firm called Harmony. “Their market dominance has been ironclad because of their database: they have infrared codes for hundreds of thousands of devices, from brand-name TVs to random HDMI doodads on page fourteen of Amazon. For obvious reasons, they haven’t open-sourced this database.”
I say ‘was’ because Logitech is actually killing the entire product line now. Their CEO says it is because of competition from streaming, but that's nonsense; they’ve wanted to get rid of the product line since 2013. As my source says, “if Harmony were its own company, I highly doubt they’d decide to shut down due to abject hopelessness.” Now the database will probably be destroyed, and people will have to redesign their systems to no longer include a universal remote. There’s also a security issue: “Since much of the Harmony software is cloud-based, countless systems may become inoperable, or impossible to update as new devices (e.g. the PS5) aren’t added to the database, or else vulnerable to hacking as security issues go unpatched.”
https://mattstoller.substack.com/p/why-logitech-just-killed-the-universal
#logitech #universal #remote #controll #iot #comment #thinkabout
Thebignewsletter
Why Logitech Just Killed the Universal Remote Control Industry
Monopolies are lazy. Logitech bought, monopolized, and killed the universal remote control business.
Alphabet, Stop Protecting Harassers
Alphabet workers deserve the right to work in an environment free from their abusers.
Alphabet does not provide a safe environment for those who face harassment in the workplace. Even when HR confirms harassment, no action is taken to make the reporter safe. For example, Emi Nietfeld shared in the New York Times, “My harasser still sat next to me. My manager told me H.R. wouldn’t even make him change his desk, let alone work from home or go on leave.”
This is a long pattern where Alphabet protects the harasser instead of protecting the person harmed by the harassment. The person who reports harassment is forced to bear the burden, usually leaving Alphabet while their harasser stays or is rewarded for their behavior.
This is not news to many people at Alphabet:
https://stopprotectingharassers.medium.com/alphabet-stop-protecting-harassers-d32a17aa5762
#google #DeleteGoogle #alphabet #harassers #thinkabout
GlobalTrends_2040.pdf
15.9 MB
National Intelligence Council Global Trends 2040
Welcome to the 7th edition of the National Intelligence Council’s Global Trends report. Published every four years since 1997, Global Trends assesses the key trends and uncertainties that will shape the strategic environment for the United States during the next two decades.
Global Trends is designed to provide an analytic framework for policymakers early in each administration as they craft national security strategy and navigate an uncertain future. The goal is not to offer a specific prediction of the world in 2040; instead, our intent is to help policymakers and citizens see what may lie beyond the horizon and prepare for an array of possible futures.
https://www.dni.gov/files/ODNI/documents/assessments/GlobalTrends_2040.pdf
#pdf #national #intelligence #council
Why You Should Stop Using Your Facebook Messenger App
If you’re one of the 1.3 billion people using Facebook Messenger, then you need to switch to an alternative. Facebook has suddenly confirmed significant delays with much needed security enhancements to the platform, enhancements that its own executives say are “essential.” Here’s what you need to know.
“The lessons of the past five years make it absolutely clear that technology companies and governments must prioritize private and secure communication.” So said senior Facebook exec Will Cathcart in a Wired opinion piece this week.
Cathcart currently heads WhatsApp, and his article focuses on the need for end-to-end encryption to be protected. He’s absolutely right. Such encryption is “essential,” there is “serious pressure to take it away,” and it “should not be taken for granted.”
I have warned users before to quit Facebook Messenger for alternatives. Beyond its lack of encryption, the platform is also open to content monitoring by Facebook itself, and I have also reported on other serious issues with its handling of your private data.
Now, this week, we have seen three separate events, all of which should give you every reason you need to make that change, to quit Messenger. First, Cathcart’s rallying cry for users to use platforms with end-to-end encryption in place. Second, Facebook admitting that such security will not come to Messenger until some time in 2022, at the earliest. And, finally, another story on Facebook’s data mishandling.
https://www.forbes.com/sites/zakdoffman/2021/04/10/stop-using-facebook-messenger-on-your-apple-iphone-or-google-android-phone/
#facebook #DeleteFacebook #messenger #android #google #apple #smartphone #thinkabout
Forbes
Why Facebook Messenger Users Should Switch After New Security Delays
After another nightmare week for Facebook, it's time for 1.3 billion Messenger users to switch...
mnm is not mail
A sane network protocol for email, to end attacks and promote productivity.
Email has become a universal cybercrime portal. It allows anyone, claiming any identity, to send you any content, any number of times. And it’s long been an obstacle to productivity and effective communication. Many apps & services have offered to replace it. But email is a network of diverse software & sites. A network can’t be replaced by a product or service.
The mnm project enables a new email network: a sane, simple protocol, a client, and a server. It’s designed for everyone, but especially:
👉🏼 Organizations where a phishing attack could be catastrophic. Examples: manufacturing, public infrastructure, government, finance, research & development, information technology.
👉🏼 Services and websites whose clients dislike the message scanning done by webmail providers. Examples: legal affairs, health care, job search, family matters.
💡 mnm has two major goals:
1) To provide a far safer correspondence model, where you:
+ choose the organizations/sites that relay your correspondence
+ select which members of a site can correspond with you
+ always know from which site a message originated
+ can block anyone with whom you’ve made contact
+ may leave a site and never see traffic from it again
2) To offer capabilities missing in traditional email, including:
+ message formatting & layout via Markdown (aka CommonMark)
+ hyperlinks to messages and other threads
+ hashtags and private tags
+ slide deck layouts
+ data-driven charts & graphs
+ forms/surveys whose results are collected into tables
+ many more features to foster focus, creativity, efficiency, and understanding
👉🏼 Try the mnm client, tell us what you think (Live Demo)
https://mnmnotmail.org/demo.html
👉🏼 The client and server are open source, subject to the terms of the Mozilla Public License, v2.0.
https://github.com/networkimprov/mnm-hammer
https://github.com/networkimprov/mnm
https://mnmnotmail.org/
#email #mnm #notmail
📡 @nogoolag 📡 @blackbox_archiv
GitHub - networkimprov/mnm-hammer: mnm implements TMTP protocol. Let Internet sites message members directly, instead of unreliable, insecure email. Contributors welcome! (Client)
'Julian Assange EXPOSED The Media Machinery Behind The Wars!'- Ex-Ecuadorian Counsel Fidel Narvaez
On our 1000th episode of Going Underground, we speak to former counsel at the Ecuadorian Embassy Fidel Narvaez. He discusses the events leading up to Assange having his Ecuadorian citizenship revoked and the British Police entering the embassy to arrest him, why Lenin Moreno’s decision leaves him ashamed, the significance of Julian Assange’s contribution to journalism and the fight against corruption worldwide, the end of Lenin Moreno’s Presidency, the candidacy of Andres Arauz, a socialist economist in the Ecuadorean elections and much more!
#assange #wikileaks #narvaez #ecuador #video
📽@cRyPtHoN_INFOSEC_FR
📽@cRyPtHoN_INFOSEC_EN
📽@cRyPtHoN_INFOSEC_DE
📽@BlackBox_Archiv
📽@NoGoolag
Brave disables Chromium FLoC features
https://github.com/brave/brave-core/pull/8468
#brave #browser #floc #chromium #chrome #google #DeleteGoogle
📡 @nogoolag 📡 @blackbox_archiv
GitHub
14942: Disable FLoC features and the provider service. by iefremov · Pull Request #8468 · brave/brave-core
Resolves brave/brave-browser#14942
Personal data of 1.3 million Clubhouse users has reportedly leaked online days after LinkedIn and Facebook also suffered data breaches
The personal data of 1.3 million Clubhouse users has leaked online on a popular hacker forum, according to a Saturday report from Cyber News.
So far, it seems like it’s been the worst week of the year for social media platforms in terms of data leaks, with Clubhouse seemingly joining the fray.
Days after scraped data from more than a billion Facebook and LinkedIn profiles, collectively speaking, was put for sale online, it looks like now it’s Clubhouse’s turn. The upstart platform seems to have experienced the same fate, with an SQL database containing 1.3 million scraped Clubhouse user records leaked for free on a popular hacker forum.
We reached out to Clubhouse in order to confirm whether the leaked database was genuine and whether Clubhouse was aware of any breach to their systems. As of the time of writing this report, we did not receive a reply from the company.
https://cybernews.com/security/clubhouse-data-leak-1-3-million-user-records-leaked-for-free-online/
#clubhouse #data #leak #user #records
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag
Sudden New Warning Will Surprise Millions Of WhatsApp Users
A nasty new surprise for WhatsApp’s 2 billion users today, with the discovery of an alarming security risk. Using just your phone number, a remote attacker can easily deactivate WhatsApp on your phone and then stop you getting back in. Even two-factor authentication will not stop this. Here’s how the attack works.
This shouldn't happen. It shouldn't be possible. Not with a platform used by 2 billion people. Not this easily. When researchers, Luis Márquez Carpintero and Ernesto Canales Pereña, warned they could kill WhatsApp on my phone, blocking me from my own account using just my phone number, I was doubtful. But they were right.
“This is yet another worrying hack,” warns ESET’s Jake Moore, “one that could impact millions of users who could potentially be targeted with this attack. With so many people relying on WhatsApp as their primary communication tool for social and work purposes, it is alarming at what ease this can occur.”
Despite its vast user base, WhatsApp is creaking at the seams. Its architecture has fallen behind its rivals, missing key features such as multi-device access and fully encrypted backups. As the world’s most popular messenger focuses on mandating new terms of service to enable Facebook’s latest money-making schemes, these much-needed advancements remain “in development.”
https://nitter.pussthecat.org/0xDUDE
https://www.forbes.com/sites/zakdoffman/2021/04/10/shock-new-warning-for-millions-of-whatsapp-users-on-apple-iphone-and-google-android-phones/
#warning #whatsapp #DeleteWhatsapp #thinkabout
📡 @nogoolag 📡 @blackbox_archiv
Why Amazon Unionization Failed in Alabama
In this Wolff Responds, Prof. Wolff explains why Amazon workers in Alabama voted against unionization, and compares the American labor movement to that of Europe. Wolff draws from European examples to underscore what is needed for unions in the US to gain momentum.
https://www.youtube.com/watch?v=lHGQhnYhwSg
#amazon #DeleteAmazon #DickPunchBezos #unionization #alabama #usa #video #thinkabout
📽@nogoolag 📽@blackbox_archiv
Google's short-lived data-advantage
There's a lot of ways to think about the movement to tame Big Tech, but one of the more useful divisions to explore is the "Night of the Comet" people versus the "Don't Believe the Criti-Hype" people.
This is a division over the value of the data that Google, Facebook and other large tech firms have amassed over the years – data on their users, sure, but also data on the advertisers and publishers they serve with their ad-tech platforms.
Big Tech companies and their investors are really bullish on the value of this commercial data-advantage: they say that spying on us – the users – lets them manipulate our opinions and activities so that we buy or believe the things their advertisers pay them to push.
More quietly, their investors believe that the data-advantage extends to publishers and advertisers, a deep storehouse of data that makes it effectively impossible for anyone else to do the precision targeting that Big Tech manages, which is why they have such fat margins.
https://pluralistic.net/2021/04/11/halflife/#minatory-legend
#google #DeleteGoogle #facebook #DeleteFacebook #BigData #BigTech #AdTech #thinkabout #comment
📡 @nogoolag 📡 @blackbox_archiv
IoT-less IP Cameras - Hack Across America 2021
IP cameras that aren't IoT trash? What to look for when researching LAN-only cameras and upgrading "the Peanut" van with 360 surveillance for Hack Across America 2021!
👉🏼 Follow along at: https://hak5.org/hackacrossamerica
https://www.youtube.com/watch?v=dZyZS5PIdVM
#iot #hackacrossamerica #video
📽@cRyPtHoN_INFOSEC_FR
📽@cRyPtHoN_INFOSEC_EN
📽@cRyPtHoN_INFOSEC_DE
📽@BlackBox_Archiv
📽@NoGoolag
How Bellingcat Launders National Security State Talking Points into the Press
For a self-proclaimed citizen journalism outfit, an alarming number of Bellingcat’s staff and contributors come from highly suspect backgrounds, including high-level positions in military and intelligence agencies.
AMSTERDAM — Investigative site Bellingcat is the toast of the popular press. In the past month alone, it has been described as “an intelligence agency for the people” (ABC Australia), a “transparent” and “innovative” (New Yorker) “independent news collective,” “transforming investigative journalism” (Big Think), and an unequivocal “force for good” (South China Morning Post). Indeed, outside of a few alternative news sites, it is very hard to hear a negative word against Bellingcat, such is the gushing praise for the outlet founded in 2014.
This is troubling, because the evidence compiled in this investigation suggests Bellingcat is far from independent and neutral, as it is funded by Western governments, staffed with former military and state intelligence officers, repeats official narratives against enemy states, and serves as a key part in what could be called a “spook to Bellingcat to corporate media propaganda pipeline,” presenting Western government narratives as independent research.
Citizen journalism staffed with spies and soldiers
An alarming number of Bellingcat’s staff and contributors come from highly suspect backgrounds. Senior Investigator Nick Waters, for example, spent three years as an officer in the British Army, including a tour in Afghanistan, where he furthered the British state’s objectives in the region. Shortly after leaving the service, he was hired by Bellingcat to provide supposedly bias-free investigations into the Middle East.
https://www.mintpressnews.com/bellingcat-intelligence-agencies-launders-talking-points-media/276603/
👉🏼 Bellingcat's Online Investigation Toolkit - version 6.6 (Feb.11, 2021)
https://news.1rj.ru/str/BlackBox_Archiv/1635
#bellingcat #toolkit #research #collection
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag