Darknet Diaries - EP 90: JENNY
Meet Jenny Radcliffe, the People Hacker. She’s a social engineer and physical penetration tester, which means she gets paid to break into buildings and test their security. In this episode she tells a few stories from penetration testing jobs she’s done.
https://darknetdiaries.com/episode/90/
#truecrime #darknetdiaries #podcast
🎙@cRyPtHoN_INFOSEC_FR
🎙@cRyPtHoN_INFOSEC_EN
🎙@cRyPtHoN_INFOSEC_DE
🎙@BlackBox_Archiv
🎙@NoGoolag
Gmail 'safer than parliament's email system' says Tory MP
Google's email service - Gmail - is “more secure” than parliament's email system, the chair of the Foreign Affairs Select Committee has claimed.
Tom Tugendhat told BBC Radio 4’s Today programme he has repeatedly been the focus of cyber attacks over the past three years.
Hackers have tried to access his account and sent emails impersonating him, he told the BBC.
The Tory MP believes China and Iran were behind some of these attempts.
“I was told by friends at GCHQ that I was better off sticking to Gmail, rather than using the parliamentary system, because it was more secure,” said Mr Tugendhat.
“Frankly, that tells you the level of security and the priority we're giving to democracy in the United Kingdom.”
https://www.bbc.co.uk/news/technology-56733667
#google #gmail #uk #china #iran #cyberattack #tory #thinkabout
📡 @nogoolag 📡 @blackbox_archiv
Update on beta testing payments in Signal
As the world stands today, the future of transaction privacy does not look great. The existing landscape is dominated by traditional credit companies, who over the past decade have been steadily pushing their networks for increased access to user data. They (and their data customers) are on a track to getting SKU level data of every purchase everyone makes everywhere. There are other contenders, such as regional online payments networks (like Venmo in the US), but the data story there is similar.
This is not a future we are particularly excited about. At Signal, we want to help build a different kind of tech – where software is built for you rather than for your data – so these are trends that we watch warily.
https://signal.org/blog/update-on-beta-testing-payments/
#signal #privacy #messaging #cryptocurrency #payment #thinkabout
📡 @nogoolag 📡 @blackbox_archiv
Hypercable Analytics
Hypercable Analytics is a fully featured, high-performance, scalable alternative to Google Analytics, built with TimescaleDB, OpenResty, Redis and Rails.
💡 Feature list:
* Selfhost
* Basic Metrics
* Channel Referrer / Campaign Tracking
* Integration with Google Ads
* Ecommerce Analytics
* Event-level raw data
* Custom reporting logic
* No data sampling
* Measurement Protocol
https://github.com/HyperCable/hypercable
#hypercable #google #analytics #alternatives
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag
Morpheus Turns a CPU Into a Rubik’s Cube to Defeat Hackers
University of Michigan’s Todd Austin explains how his team’s processor defeated every attack in DARPA's hardware hacking challenge
Last summer, 580 cybersecurity researchers spent 13,000 hours trying to break into a new kind of processor. They all failed.
The hack attack was the first big test in a U.S. Defense Advanced Research Projects Agency (DARPA) program called System Security Integration Through Hardware and Firmware (SSITH). It’s aimed at developing processors that are inherently immune to whole classes of hardware vulnerabilities that can be exploited by malware. (Spectre and Meltdown are among those.)
A total of 10 vulnerabilities were uncovered among the five processors developed for SSITH, but none of those weak points were found in the University of Michigan processor, called Morpheus. Michigan professor of electrical engineering and computer science Todd Austin explained what makes Morpheus so puzzling for hackers to penetrate.
https://spectrum.ieee.org/tech-talk/semiconductors/processors/morpheus-turns-a-cpu-into-a-rubiks-cube-to-defeat-hackers
#morpheus #cpu #rubikscube #defeat #hackers
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag
Reverse engineering (Absolute) UEFI modules for beginners
This post introduces how one can start reverse engineering UEFI-based BIOS modules. Taking Absolute as an example, this post serves as a tutorial of BIOS module reverse engineering with free tools and approachable steps for beginners.
This post does not explain how to disable Absolute or how to find issues in it.
In this post, terms "BIOS", "UEFI" and "firmware" all refer to UEFI-based host firmware and are interchangeable.
https://standa-note.blogspot.com/2021/04/reverse-engineering-absolute-uefi.html
#reverse #engineering #absolute #uefi #bios
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag
WhatsApp's new privacy policy is so bad it might be illegal
A German data protection agency has opened proceedings
WhatsApp has been facing one hell of a backlash ever since it shared that it wanted to update its privacy policy with changes that would allow Facebook to aggregate all of its users' data across all of its services. And now, the company might be in for some regulatory issues, as well. A German privacy regulator (via Bloomberg) has opened proceedings to stop the company from moving forward with the privacy policy update.
The Hamburg commissioner for data protection and freedom of information, Johannes Caspar, is looking to stop Facebook from aggregating the data from WhatsApp, fearing that the company would use it to expand its marketing and advertising business.
Caspar said in a statement: "Currently, there is reason to believe that the data sharing provisions between WhatsApp and Facebook are intended to be unlawfully enforced due to the lack of voluntary and informed consent. In order to prevent unlawful mass data sharing and to put an end to unlawful consent pressure on millions of people, a formal administrative procedure has now been initiated to protect data subjects."
The goal is to reach a decision before May 15, the date when users have to accept the new privacy policy or (presumably) stop using WhatsApp. It's highly possible that the order will only apply to German residents, but we can still hope that the proceedings will set a precedent for other countries and regulators.
The Hamburg commissioner previously successfully issued a similar order against Facebook four and a half years ago for updating WhatsApp's terms of service with changes regarding information sharing across Facebook companies. The order was confirmed by two instances after Facebook took legal action against it, and data sharing between Facebook and WhatsApp has been more limited in the EU than in other regions ever since.
https://www.androidpolice.com/2021/04/13/whatsapps-new-privacy-policy-is-so-bad-it-might-be-illegal/
#whatsapp #DeleteWhatsapp #privacy #policy #illegal #data #protection #germany
📡 @nogoolag 📡 @blackbox_archiv
Prime+Probe 1, JavaScript 0: Overcoming Browser-based Side-Channel Defenses
The "eternal war in cache" has reached browsers, with multiple cache-based side-channel attacks and countermeasures being suggested. A common approach for countermeasures is to disable or restrict JavaScript features deemed essential for carrying out attacks. To assess the effectiveness of this approach, in this work we seek to identify those JavaScript features which are essential for carrying out a cache-based attack. approaches completely defend against our attacks. We further argue that the protections of Chrome Zero need to be more comprehensively applied, and that the performance and user experience of Chrome Zero will be severely degraded if this approach is taken.
https://arxiv.org/abs/2103.04952
#pdf #browser #sidechannel #defenses
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag
Discord and Slack Used To Spread RATs - ThreatWire
Facebook downplays the data leak, LinkedIn appears to be targeted in a similar attack, and Discord and Slack are being used to spread remote access trojans! All that coming up now on ThreatWire.
https://www.youtube.com/watch?v=mdTnhUJFnno
#threatwire #hak5 #discord #linkedin #facebook #slack #rats #video
📽@cRyPtHoN_INFOSEC_FR
📽@cRyPtHoN_INFOSEC_EN
📽@cRyPtHoN_INFOSEC_DE
📽@BlackBox_Archiv
📽@NoGoolag
From Cracks to Empty Wallets – How Popular Cracks Lead to Digital Currency and Data Theft
For about three years, hackers have been stealing cryptocurrency from victims’ Monero wallets using powerful malware delivered through software cracks for popular apps.
Cracks and patches have been around since the advent of commercial software. Easy to use and widely available on specialized sharing websites, these small apps let people bypass commercial protections in popular software and use applications without paying for them. However, besides the legal implications of unauthorized software use, the cyber-security risks are serious.
Bitdefender analysts have recently uncovered a series of attacks that leverage office tools and image-editing software cracks to compromise computers, hijack crypto-currency wallets and exfiltrate information via the TOR network.
Once executed, the crack drops an instance of ncat.exe (a legitimate tool to send raw data over the network) as well as a TOR proxy. The Netcat and TOR proxy files are dropped on disk as either %syswow64%\nap.exe or %syswow64%\ndc.exe for the first one and %syswow64%\tarsrv.exe for the latter. Additionally, a batch file is dropped at %syswow64%\chknap.bat (for nap.exe) and %syswow64%\nddcf.cmd (for ndc.exe) that contains the command line for the Ncat component, which cycles through ports 8000 to 9000 on a .onion domain, as shown in the screenshot below.
https://labs.bitdefender.com/2021/04/from-cracks-to-empty-wallets--how-popular-cracks-lead-to-digital-currency-and-data-theft/
#cyberattack #cracks #hijack #compromise #tor #currency #data #theft #microsoft #adobe
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag
Google to Start Censoring Telegram
Fake news or justifiable warning? You be the judge.
I saw a message today stating the “Google Play Store is now censoring certain pages on Telegram if you downloaded the app through them.” The message suggested a simple workaround to download the app directly from telegram.org/android.
👉🏼 Here’s the message in its entirety:
"Google Play Store is now censoring certain pages on Telegram if you downloaded the app through them.
To get around this simply download the Android app directly from Telegram themselves. Less censorship and more updates.
Before you delete the Google play store Telegram app, install the new one directly from Telegram which will send you a security code to your Telegram messages. Once you have the code from the old app and you enter it into the new one, you can then delete the Google play store version."
Having seen videos I consider important disappearing from YouTube recently I wouldn’t put it past Google to dupe the chattel into downloading a doctored version of Telegram in order to protect people stamp out free speech in order to suppress the fast-rising global freedom movement organizing on Telegram.
Whether or not the message I shared above was true or false is less important to me than maintaining free speech. And so I’d like to share a few resources I’ve learned about from being on Telegram which can help you do just that:
https://habd.as/post/google-start-censor-telegram/
#BigTech #censorship #dystopia #freedom #google #DeleteGoogle #youtube #telegram #thinkabout
📡 @nogoolag 📡 @blackbox_archiv
Cybersecurity - Biden Rushes to Protect the Power Grid as Hacking Threats Grow
A White House plan to rapidly shore up the security of the U.S. power grid will begin with a 100-day sprint, but take years more to transform utilities’ ability to fight off hackers, according to details of a draft version of the plan confirmed by two people.
The plan is the policy equivalent of a high-wire act: it provides incentives for electric companies to dramatically change the way they protect themselves against cyber-attacks while trying to avoid political tripwires that have stalled previous efforts, the details suggest.
Among its core tenets, the Biden administration’s so-called “action plan” will incentivize power utilities to install sophisticated new monitoring equipment to more quickly detect hackers, and to share that information widely with the U.S. government.
It will ask utilities to identify critical sites which, if attacked, could have an outsized impact across the grid, according to a six-page draft of the plan, which was drawn up by the National Security Council and described in detail to Bloomberg News.
And it will expand a partially classified Energy Department program to identify flaws in grid components that could be exploited by the country’s cyber-adversaries, including Russia, Iran and China.
https://www.bloomberg.com/news/articles/2021-04-14/biden-rushes-to-protect-the-power-grid-as-hacking-threats-grow
#cybersecurity #usa #powergrid #hacking #threats #russia #china #iran
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag
Europe seeks to limit use of AI in society
The use of facial recognition for surveillance, or algorithms that manipulate human behaviour, will be banned under proposed EU regulations on artificial intelligence.
The wide-ranging proposals, which were leaked ahead of their official publication, also promised tough new rules for what they deem high-risk AI.
That includes algorithms used by the police and in recruitment.
Experts said the rules were vague and contained loopholes.
The use of AI in the military is exempt, as are systems used by authorities in order to safeguard public security.
💡 The suggested list of banned AI systems includes:
👉🏼 those designed or used in a manner that manipulates human behaviour, opinions or decisions ...causing a person to behave, form an opinion or take a decision to their detriment
👉🏼 AI systems used for indiscriminate surveillance applied in a generalised manner
👉🏼 AI systems used for social scoring
👉🏼 those that exploit information or predictions about a person or group of persons in order to target their vulnerabilities
https://www.bbc.com/news/technology-56745730
#eu #regulations #facial #recognition #surveillance #socialscoring #ai
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag
BBC News
Europe seeks to limit use of AI in society
The rules are proposals and could take several years to become law.
How a WhatsApp status loophole is aiding cyberstalkers
Cyberstalkers typically like to collect as much information about their target as possible. They want to know where they are at any given moment; who they’re meeting; who they’re talking to; what their texts say; who they’re emailing; what they’re browsing for online. Knowledge is power, and having this level of power over someone is intoxicating, dangerous and profoundly unethical.
To combat the rise in cyberstalking behaviours, and to keep people safe, software developers are increasingly held to account for higher levels of privacy in their platforms and products. But the world of cyberstalking is a very grey one.
What one person regards as stalking, another may see as protecting a loved one. To this point, while Google has banned advertising for stalkerware on its app store, Google Play, countless tracking and monitoring apps get around this ban by claiming to help parents track and monitor their children’s online activity, location, messages and more.
https://traced.app/2021/04/13/whatsapp-status-loophole-is-aiding-cyberstalkers/
#whatsapp #DeleteWhatsapp #cyberstalkers #onlinestatus #tracker #thinkabout
📡 @nogoolag 📡 @blackbox_archiv
Traced
How a WhatsApp status loophole is aiding cyberstalkers
These WhatsApp status trackers are a new variety of surveillance software, but can be just as invasive and harmful as stalkerware.
It's time to say goodbye to the GPL
The trigger for this post is the reinstating of Richard Stallman, a very problematic character, to the board of the Free Software Foundation (FSF). I am appalled by this move, and join others in the call for his removal.
This occasion has caused me to reevaluate the position of the FSF in computing. It is the steward of the GNU project (a part of Linux distributions, loosely speaking), and of a family of software licenses centred around the GNU General Public License (GPL). These efforts are unfortunately tainted by Stallman’s behaviour. However, this is not what I actually want to talk about today.
In this post I argue that we should move away from the GPL and related licenses (LGPL, AGPL), for reasons that have nothing to do with Stallman, but simply because I think they have failed to achieve their purpose, and they are more trouble than they are worth.
First, brief background: the defining feature of the GPL family of licenses is the concept of copyleft, which states (roughly) that if you take some GPL-licensed code and modify it or build upon it, you must also make your modifications/extensions (known as a “derivative work”) freely available under the same license. This has the effect that the GPL’ed source code cannot be incorporated into closed-source software. At first glance, this seems like a great idea. So what is the problem?
The enemy has changed
In the 1980s and 1990s, when the GPL was written, the enemy of the free software movement was Microsoft and other companies that sold closed-source (“proprietary”) software. The GPL intended to disrupt this business model for two main reasons:
https://martin.kleppmann.com/2021/04/14/goodbye-gpl.html
#gpl #goodbye #comment #stallman #rms #fsf
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag
What's the most popular web browser in 2021?
I literally wrote the first popular article about the web. Since then I've been keeping a close eye on web browsers, as our only choice was the WEB shell program. We've come a long way, but web browsers are still the primary way we connect with the endless fields of data, stories, and video that makes up the modern web. And, today, Google's Chrome is the way most of us work and play on the web.
It's been really hard to get hard data on which were really the most popular web browsers. True, many companies claimed to have good information, such as NetMarketShare and StatCounter, but their numbers are massaged. The US federal government's Digital Analytics Program (DAP), however, gives us a running count of the last 90 days of US government website visits. That doesn't tell us much about global web browser use; it's the best information we have about American web browser users today.
And the top web browser is, according to the DAP's 6.67 billion visits over the past 90 days (drumroll, please): Google Chrome with 48.3%. That's a smidgen down from last year when Chrome had 49.3%.
This drop didn't come from any sudden rise of an alternative browser. Perish the thought. On the desktop, Chrome rules. But, in the last 12 months, we've seen an enormous rise of smartphones over PCs for web use. In 2019 and 2020, just over half -- 50% to 46.9% -- of the web browsing market belonged to smartphones over PCs. The remainder, 3.1%, went to tablets. In 2020 and 2021, 57.4% of web browsing sessions were on smartphones with only 40.5% on laptops and desktops. The tablet market shrunk down to 2.1%.
https://www.zdnet.com/article/most-popular-web-browser-in-2021/
#popular #browser #google #chrome
📡 @nogoolag 📡 @blackbox_archiv
The FBI wanted to unlock the San Bernardino shooter’s iPhone. It turned to a little-known Australian firm.
Azimuth unlocked the iPhone at the center of an epic legal battle between the FBI and Apple. Now, Apple is suing the company co-founded by one of the hackers behind the unlock.
The iPhone used by a terrorist in the San Bernardino shooting was unlocked by a small Australian hacking firm in 2016, ending a momentous standoff between the U.S. government and the tech titan Apple.
Azimuth Security, a publicity-shy company that says it sells its cyber wares only to democratic governments, secretly crafted the solution the FBI used to gain access to the device, according to several people familiar with the matter. The iPhone was used by one of two shooters whose December 2015 attack left more than a dozen people dead.
The identity of the hacking firm has remained a closely guarded secret for five years. Even Apple didn’t know which vendor the FBI used, according to company spokesman Todd Wilder. But without realizing it, Apple’s attorneys came close last year to learning of Azimuth’s role — through a different court case, one that has nothing to do with unlocking a terrorist’s device.
Five years ago, Apple and the FBI both cast the struggle over the iPhone as a moral battle. The FBI believed Apple should help it obtain information to investigate the terrorist attack. Apple believed that creating a back door into the phone would weaken security and could be used by malicious actors. The FBI sought a court order to compel Apple to help the government. Weeks later, the FBI backed down after it had found an outside group that had a solution to gain access to the phone.
http://telegra.ph/The-FBI-wanted-to-unlock-the-San-Bernardino-shooters-iPhone-It-turned-to-a-little-known-Australian-firm-04-14
via www.washingtonpost.com
#usa #fbi #apple #iphone
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag
The FBI Is Now Securing Networks Without Their Owners’ Permission
In January, we learned about a Chinese espionage campaign that exploited four zero-days in Microsoft Exchange. One of the characteristics of the campaign, in the later days when the Chinese probably realized that the vulnerabilities would soon be fixed, was to install a web shell in compromised networks that would give them subsequent remote access. Even if the vulnerabilities were patched, the shell would remain until the network operators removed it.
Now, months later, many of those shells are still in place. And they’re being used by criminal hackers as well.
On Tuesday, the FBI announced that it successfully received a court order to remove “hundreds” of these web shells from networks in the US.
This is nothing short of extraordinary, and I can think of no real-world parallel. It’s kind of like if a criminal organization infiltrated a door-lock company and surreptitiously added a master passkey feature, and then customers bought and installed those locks. And then if the FBI got a court order to fix all the locks to remove the master passkey capability. And it’s kind of not like that. In any case, it’s not what we normally think of when we think of a warrant. The links above have details, but I would like a legal scholar to weigh in on the implications of this.
https://www.schneier.com/blog/archives/2021/04/the-fbi-is-now-securing-networks-without-their-owners-permission.html
#china #courts #cyberespionage #espionage #fbi #microsoft #zeroday
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag
FLoC Block
Prevent Federated Learning of Cohorts aka FLoC ad-targeting code from running in Chrome.
FLoC, short for Federated Learning of Cohorts, is the new mechanism used by Google Chrome to group users into buckets based on their interests. You can read more about it here and why Brave and some other browsers have blocked it here. EFF did some analysis as well.
💡 How does this Chrome Extension help?
If you HAVE to use Chrome but don't like the idea of being grouped into a bucket (aka cohort) based on the websites you visit, this extension is a simple way to prevent FLoC from divulging your "cohort id" to websites. The extension removes document.interestCohort() from every page so that a website cannot get your cohort id.
💡 How do I install this extension?
👉🏼 Download flocblock.zip from https://github.com/ShivanKaul/flocblock/releases/latest. Direct link: https://github.com/ShivanKaul/flocblock/releases/download/v0.0.1/flocblock.zip
👉🏼 Extract extension.
👉🏼 Follow the instructions to load into Chrome.
https://github.com/ShivanKaul/flocblock
#floc #block #chrome #browser #tracking #tool
📡 @nogoolag 📡 @blackbox_archiv
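How the removal described in the README above can be done, as an added example that is not the flocblock extension's own code: a page-world script that strips interestCohort() from the document, plus a probe showing what a site would get before and after. The stand-in document and its sample cohort values are constructed so the script runs offline; in Chrome you would pass the real `document` instead.

```javascript
// Added example, not the flocblock project's code: neutralise the FLoC API
// on a Document-like object and probe whether a page can still read a cohort.

// Strip interestCohort() from `doc`. Chrome exposes it on Document.prototype;
// a page could also shadow it with an own property, so both are cleared.
// Returns true when something was removed or neutralised.
function blockInterestCohort(doc) {
  let changed = false;
  for (const target of [Object.getPrototypeOf(doc), doc]) {
    if (target && Object.prototype.hasOwnProperty.call(target, 'interestCohort')) {
      try {
        if (delete target.interestCohort) changed = true;
      } catch (err) {
        // strict-mode delete of a non-configurable property throws; handled below
      }
    }
  }
  // delete is a no-op on a non-configurable property, so if the method is still
  // reachable, shadow it with a locked own property that is not callable.
  if (typeof doc.interestCohort === 'function') {
    Object.defineProperty(doc, 'interestCohort', {
      value: undefined,
      writable: false,
      configurable: false,
    });
    changed = true;
  }
  return changed;
}

// What a page observes: true only if interestCohort() resolves to a cohort.
async function cohortExposed(doc) {
  if (typeof doc.interestCohort !== 'function') return false;
  try {
    const cohort = await doc.interestCohort();
    return cohort != null;
  } catch (err) {
    return false; // Chrome rejects when FLoC is unavailable for the page
  }
}

// Constructed stand-in for a FLoC-enabled Chrome document (sample values);
// in the browser, pass the real `document` instead.
function makeFakeDocument(flocEnabled) {
  const proto = {};
  if (flocEnabled) {
    proto.interestCohort = async () => ({ id: '21701', version: 'sample' });
  }
  return Object.create(proto);
}

// Before/after on the stand-in.
async function demo() {
  const doc = makeFakeDocument(true);
  const before = await cohortExposed(doc);
  const removed = blockInterestCohort(doc);
  const after = await cohortExposed(doc);
  return { before, removed, after };
}

demo().then((r) => console.log(r)); // { before: true, removed: true, after: false }
```

In a real extension this has to run in the page's main world at document_start (for instance, a content script that appends a script element containing it), because a content script's isolated world has its own Document.prototype and deletions there are invisible to the page. Site owners can switch FLoC off for their own pages with the Permissions-Policy: interest-cohort=() response header; the extension approach is for the visitor, who controls neither the site nor the browser build.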
Strategic autonomy in danger: European Tech companies warn of lowering data protection levels in the EU.
The EU is highly respected internationally for its data protection laws such as the GDPR. Now an EC initiative could be a threat to Europe's strategic autonomy.
Today we are sending an open letter to the European Commission together with #Boxcryptor, #Cryptomator, mail.de, #Mailfence, #Praxonomy, and #Tresorit to draw attention to the dangers of undermining encryption and people's privacy. Mass surveillance will not stop terrorism or child sexual abuse.
Joint open letter for right to privacy
In the course of the initiative "Fighting child sexual abuse: detection, removal, and reporting of illegal content", the European Union plans to abolish the digital privacy of correspondence. In order to automatically detect illegal content, all private chat messages are to be screened in the future. This should also apply to content that has so far been protected with strong end-to-end encryption. If this initiative is implemented according to the current plan it would enormously damage our European ideals and the indisputable foundations of our democracy, namely freedom of expression and the protection of privacy (see EDRi letter). The initiative would also severely harm Europe’s strategic autonomy and thus EU-based companies.
Europe as a global technology leader is respected internationally for its high level of data protection, notably due to the exemplary effect of the GDPR. In an internationally very competitive market, European companies are in first position when it comes to data protection. The EU initiative could now endanger this unique selling point of European IT companies.
https://tutanota.com/blog/posts/european-autonomy-in-danger/
#tutanota #surveillance #gdpr #eu #encryption #privacy #thinkabout
📡 @nogoolag 📡 @blackbox_archiv
An Analysis of Bitcoin’s Use in Illicit Finance
New technologies almost always come with both significant benefits for society as well as negative externalities. It is the role of government officials to make policy that allows the benefits to flourish while protecting us from the downsides. As I saw firsthand in my 33-year career at the Central Intelligence Agency, the process our government uses to get this balance right can often be frustratingly slow, but it has ultimately and typically met the challenge.
https://cryptoforinnovation.org/resources/Analysis_of_Bitcoin_in_Illicit_Finance.pdf
#pdf #bitcoin #Illicit #finance #cia #analysis
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag