Know and spot the patterns.
the CyberWire
🎧 Know and spot the patterns
Joe shares the heartbreaking tale of a catphishing case that leads to murder. Dave describes a shoe company using an unusual method to trick engagement with an online ad. The catch of the day engages a Nigerian scammer promising a fortune in precious minerals. Dave interview Michael Coates, head of Altitude Networks and former CISO at Twitter.
📻 https://thecyberwire.com/podcasts/cw-podcasts-hh-2019-07-11.html
#HackingHumans #cyberwire #patterns #podcast
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
Joe shares the heartbreaking tale of a catphishing case that leads to murder. Dave describes a shoe company using an unusual method to trick engagement with an online ad. The catch of the day engages a Nigerian scammer promising a fortune in precious minerals. Dave interview Michael Coates, head of Altitude Networks and former CISO at Twitter.
📻 https://thecyberwire.com/podcasts/cw-podcasts-hh-2019-07-11.html
#HackingHumans #cyberwire #patterns #podcast
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
Media is too big
VIEW IN TELEGRAM
Why Facebook should be smashed
A former Obama advisor calls for the revival of an American anti-trust spirit. #Facebook would be vulnerable due to its size, Standard Oil and AT&T would be examples of successful unbundling. He accuses #MarkZuckerberg of illegally taking over #Instagram.
Tim Wu: Facebook's Purchase of Instagram was a Felony
Tim Wu points to the danger that an early and successful Instagram represented to Facebook. The photo-centric platform was a competitor to Mark Zuckerberg's larger company, says #Wu.
📺 https://youtu.be/bqkau41MFvI
#DeleteFacebook #video #podcast
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
A former Obama advisor calls for the revival of an American anti-trust spirit. #Facebook would be vulnerable due to its size, Standard Oil and AT&T would be examples of successful unbundling. He accuses #MarkZuckerberg of illegally taking over #Instagram.
Tim Wu: Facebook's Purchase of Instagram was a Felony
Tim Wu points to the danger that an early and successful Instagram represented to Facebook. The photo-centric platform was a competitor to Mark Zuckerberg's larger company, says #Wu.
📺 https://youtu.be/bqkau41MFvI
#DeleteFacebook #video #podcast
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
This media is not supported in your browser
VIEW IN TELEGRAM
It Wasn’t Me
All the things a bank won’t ask, but a fraudster will! Our latest film “It Wasn’t Me”, in collaboration with the DubaiPoliceHQ, gives you the do’s and don’ts of keeping your identity and account secure at all times.
📺 Dubai Police & Emirates National Bank Dubai
https://mobile.twitter.com/EmiratesNBD_AE/status/1144261859517894658
#music #video
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
All the things a bank won’t ask, but a fraudster will! Our latest film “It Wasn’t Me”, in collaboration with the DubaiPoliceHQ, gives you the do’s and don’ts of keeping your identity and account secure at all times.
📺 Dubai Police & Emirates National Bank Dubai
https://mobile.twitter.com/EmiratesNBD_AE/status/1144261859517894658
#music #video
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
Facebook’s Algorithm Shapes Our Lives. This Hacker Wants to Find Out How.
Claudio Agosti wants to know what Facebook does with him. The programmer has developed a browser extension that collects data donations from users. He wants to decipher why we only get to see very specific political news – and what Facebook is hiding from us in their News Feed.
Claudio Agosti is laughing. The hacker is giving a talk about how Facebook works at the art festival Transmediale in Berlin. He talks about how the social network weaves its algorithms in order to attract people into their web like spiders do with flies. In his melodic Italian accent, Agosti asks the crowd who would want to make a bet on whether Facebook treats their users in a fair manner.
Agosti straightaway gives the answer himself: “The truth is: nobody wins. In an oppressive system you are just subject to the decisions of someone else”. He grins mischievously. A game of algorithms, their power over the minds of their billions of users – it’s all a sinister joke to Agosti.
Claudio Agosti, 39 years old, bald and sturdy, has spent half his life exploring the impact of modern technology on us. He comes from near Milan and lives in Berlin. Whether you call him a hacker, a privacy activist or a critical researcher does not really matter. Agosti probably knows more about the way Facebook’s algorithms work than anyone who hasn’t worked on them personally.
It has been 10 years since Agosti first wondered how algorithms impact our lives. Back then, he noticed that Google’s search results had become more and more personalized. From a standard of results that were the same for everyone, he observed a filter bubble developing the he fears keeps us ever more encapsulated in the algorithms‘ world.
“Algorithms decide for you what is important”, he says. This is what bothers Agosti, the self-taught programmer who is used to mastering technology. “To be free, an individual should have full control over this logic.” A simple, yet radical thought.
#DeleteFacebook #algorithm #hacker #browser #addon
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
Claudio Agosti wants to know what Facebook does with him. The programmer has developed a browser extension that collects data donations from users. He wants to decipher why we only get to see very specific political news – and what Facebook is hiding from us in their News Feed.
Claudio Agosti is laughing. The hacker is giving a talk about how Facebook works at the art festival Transmediale in Berlin. He talks about how the social network weaves its algorithms in order to attract people into their web like spiders do with flies. In his melodic Italian accent, Agosti asks the crowd who would want to make a bet on whether Facebook treats their users in a fair manner.
Agosti straightaway gives the answer himself: “The truth is: nobody wins. In an oppressive system you are just subject to the decisions of someone else”. He grins mischievously. A game of algorithms, their power over the minds of their billions of users – it’s all a sinister joke to Agosti.
Claudio Agosti, 39 years old, bald and sturdy, has spent half his life exploring the impact of modern technology on us. He comes from near Milan and lives in Berlin. Whether you call him a hacker, a privacy activist or a critical researcher does not really matter. Agosti probably knows more about the way Facebook’s algorithms work than anyone who hasn’t worked on them personally.
It has been 10 years since Agosti first wondered how algorithms impact our lives. Back then, he noticed that Google’s search results had become more and more personalized. From a standard of results that were the same for everyone, he observed a filter bubble developing the he fears keeps us ever more encapsulated in the algorithms‘ world.
“Algorithms decide for you what is important”, he says. This is what bothers Agosti, the self-taught programmer who is used to mastering technology. “To be free, an individual should have full control over this logic.” A simple, yet radical thought.
Read without ads n trackers:https://rwtxt.lelux.fi/blackbox/pstrongfacebooks-algorithm-shapes-our-lives-this-hacker-wants-to-find-out-howstrongp
#DeleteFacebook #algorithm #hacker #browser #addon
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
Media is too big
VIEW IN TELEGRAM
Financial Survival in the “Clash of Civilizations”
James joins Melody for his regular bi-monthly appearance on #FinancialSurvival to discuss the latest incident in the Persian Gulf, the future of the global reserve currency, the clash of civilizations, and how Italy is facing off with the European banksters.
📺 #corbettreport #video #podcast
https://www.corbettreport.com/financial-survival-in-the-clash-of-civilizations/
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
James joins Melody for his regular bi-monthly appearance on #FinancialSurvival to discuss the latest incident in the Persian Gulf, the future of the global reserve currency, the clash of civilizations, and how Italy is facing off with the European banksters.
📺 #corbettreport #video #podcast
https://www.corbettreport.com/financial-survival-in-the-clash-of-civilizations/
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
Komoot: Facebook goes also on tour
The App Review Week starts with the Android app Komoot (version 9.16.2) - a navigation app for cyclists and hikers. Let's start with the network connections that Komoot establishes during use.
App start: Immediately after start (no user interaction)
[1] Immediately after starting the app, the app contacts Facebook. Among other things, the following information is transmitted [graph.facebook.com]:
👉🏼 Read the fully translated article:
https://rwtxt.lelux.fi/blackbox/pstrongkomoot-facebook-goes-also-on-tourstrong
👉🏼 Source 🇩🇪:
https://www.kuketz-blog.de/komoot-facebook-geht-mit-auf-tour/
#komoot #navigation #app #review #kuketz #DeleteFacebook
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
The App Review Week starts with the Android app Komoot (version 9.16.2) - a navigation app for cyclists and hikers. Let's start with the network connections that Komoot establishes during use.
App start: Immediately after start (no user interaction)
[1] Immediately after starting the app, the app contacts Facebook. Among other things, the following information is transmitted [graph.facebook.com]:
Google Advertising ID: advertiser_id = c3639f11-626a-4692-9574-6a0f632e1ea3
Whether Ad-Tracking is enabled / allowed: advertisertrackingenabled = true
One identifier: anon_id = XZce953baa-18a8-42e0-82ad-2d1b3866fe63
Whether app tracking is enabled / allowed: applicationtrackingenabled = true
Further information:Package name of the app: de.komoot.android
Version number of the app: 9.16.2
Android version number: 7.1.2
Device model: Redmi Note 4
Country code: de_DE
Time zone: CEST, Europe/Berlin
Display resolution: 1080×1920
❗️ How critical the integration of Facebook building blocks (SDKs) are with regard to privacy still doesn't seem to have penetrated the app developers - simply irresponsible. The mere transmission of the Google Advertising ID is basically enough for Facebook to establish a link between Facebook users and the data transmitted. The reason: The Facebok app (if installed) also reads the Google Advertising ID. Facebook then has an identifier that they can assign to a person exactly.👉🏼 Read the fully translated article:
https://rwtxt.lelux.fi/blackbox/pstrongkomoot-facebook-goes-also-on-tourstrong
👉🏼 Source 🇩🇪:
https://www.kuketz-blog.de/komoot-facebook-geht-mit-auf-tour/
#komoot #navigation #app #review #kuketz #DeleteFacebook
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
Read emails unobserved: How to protect yourself against tracking pixels in newsletters and Co.
Many services for sending newsletters use tracking pixels to analyze your behavior: Retrieval time of the e-mail, bounce rate, clicked links, location. Here you can find out how it works, why you should fight it and what you can do.
Ping. There's a newsletter coming into your digital mailbox. One click later you'll hopefully be a little smarter. In any case the senders of the newsletter are smarter after your click. They know at what time and where on earth you open the e-mail. They know which links from the newsletter you clicked on and which e-mail program you use. Depending on the newsletter service, you may know even more. Sounds creepy, but is everyday in email marketing.
Many professional newsletters are sent with the software of special service providers. They offer very different services. Tracking of the readers: inside belongs almost always to it. For some it's about being cheap. Others advertise with the fact that they can pursue visitors: inside with the help of individual tags also outside of the E-Mail on the web page of the sender. Still others make so-called A/B testing possible, with which similar target groups are presented different contents, in order to test for example the success of different formulations.
☣️ 1 pixel × 1 pixel = ∞ Tracking
Usually, these providers use HTML emails: that is, they embed the text to be displayed in HTML encodings so that the email becomes prettier and gets more design elements. Images can also be integrated via HTML code. The graphic can either be attached to the e-mail or downloaded externally.
Almost all newsletter services have in common the use of so-called "tracking pixels". They are integrated in the way described above via HTML codes and reloaded by an external server when the e-mail is opened. These tracking graphics are usually one pixel times one pixel in size or completely hidden. For each reader:in, a unique identifier is added to the graphic, which makes it possible to assign the behavior to individual profiles. A link could look like this:
👉🏼 Read the fully translated guide:
https://rwtxt.lelux.fi/blackbox/pstrongread-emails-unobserved-how-to-protect-yourself-against-tracking-pixels-in-newsletters-and-costrongp
👉🏼 Source 🇩🇪:
https://netzpolitik.org/2019/unbeobachtet-mails-lesen-so-schuetzt-ihr-euch-gegen-tracking-pixel-in-newslettern-und-co/#trick-applemail
#mail #tracking #guide #DataProtection #privacy
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
Many services for sending newsletters use tracking pixels to analyze your behavior: Retrieval time of the e-mail, bounce rate, clicked links, location. Here you can find out how it works, why you should fight it and what you can do.
Ping. There's a newsletter coming into your digital mailbox. One click later you'll hopefully be a little smarter. In any case the senders of the newsletter are smarter after your click. They know at what time and where on earth you open the e-mail. They know which links from the newsletter you clicked on and which e-mail program you use. Depending on the newsletter service, you may know even more. Sounds creepy, but is everyday in email marketing.
Many professional newsletters are sent with the software of special service providers. They offer very different services. Tracking of the readers: inside belongs almost always to it. For some it's about being cheap. Others advertise with the fact that they can pursue visitors: inside with the help of individual tags also outside of the E-Mail on the web page of the sender. Still others make so-called A/B testing possible, with which similar target groups are presented different contents, in order to test for example the success of different formulations.
☣️ 1 pixel × 1 pixel = ∞ Tracking
Usually, these providers use HTML emails: that is, they embed the text to be displayed in HTML encodings so that the email becomes prettier and gets more design elements. Images can also be integrated via HTML code. The graphic can either be attached to the e-mail or downloaded externally.
Almost all newsletter services have in common the use of so-called "tracking pixels". They are integrated in the way described above via HTML codes and reloaded by an external server when the e-mail is opened. These tracking graphics are usually one pixel times one pixel in size or completely hidden. For each reader:in, a unique identifier is added to the graphic, which makes it possible to assign the behavior to individual profiles. A link could look like this:
https://newsletterversand.domain/trackingpixel.gif?identifier=123456789Consequently, the server from which the pixel is loaded can analyze your behavior. A program stores on the server: When exactly was this link retrieved for the first time? And from where? From this it is also possible to determine which links from the newsletter you click on and thus also your more precise interests. The IP address is used to read out your supposed whereabouts.
👉🏼 Read the fully translated guide:
https://rwtxt.lelux.fi/blackbox/pstrongread-emails-unobserved-how-to-protect-yourself-against-tracking-pixels-in-newsletters-and-costrongp
👉🏼 Source 🇩🇪:
https://netzpolitik.org/2019/unbeobachtet-mails-lesen-so-schuetzt-ihr-euch-gegen-tracking-pixel-in-newslettern-und-co/#trick-applemail
#mail #tracking #guide #DataProtection #privacy
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
Tech billionaire Thiel wants FBI and CIA to investigate Google
According to media reports, tech billionaire Peter Thiel has demanded FBI and CIA investigations against Google. The question is whether the company has been infiltrated by China.
Billionaire investor Peter Thiel said Sunday that the FBI and the CIA should investigate if Google has been infiltrated by Chinese intelligence, according to a report from Axios.
Thiel blasted the Alphabet-owned Google for its work in China, saying the search engine giant was "engaged in the seemingly treasonous decision to work with the Chinese military and not with the US military," according to Axios.
Last year, Google came under fire after it was revealed that the company was working on a controversial project to launch a censored search service in China.
Billionaire investor Peter Thiel said Sunday that the FBI and the CIA should investigate if Google has been infiltrated by Chinese intelligence, according to a report from Axios.
Thiel, a Facebook board member, was speaking at the National Conservatism Conference in Washington, D.C. and his speech focused on three questions that should be presented to the tech giant, Axios said.
"Number one, how many foreign intelligence agencies have infiltrated your Manhattan Project for AI (artificial intelligence)?" Thiel reportedly asked. "Number two, does Google's senior management consider itself to have been thoroughly infiltrated by Chinese intelligence?"
He said those questions "need to be asked by the FBI, by the CIA."
Thiel also blasted Alphabet-owned Google for its work in China.
"Number three, is it because they consider themselves to be so thoroughly infiltrated that they have engaged in the seemingly treasonous decision to work with the Chinese military and not with the US military," Thiel said, according to Axios.
Google did not immediately respond to CNBC's request for comments.
#thiel #CIA #FBI #Google #DeleteGoogle
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
According to media reports, tech billionaire Peter Thiel has demanded FBI and CIA investigations against Google. The question is whether the company has been infiltrated by China.
Billionaire investor Peter Thiel said Sunday that the FBI and the CIA should investigate if Google has been infiltrated by Chinese intelligence, according to a report from Axios.
Thiel blasted the Alphabet-owned Google for its work in China, saying the search engine giant was "engaged in the seemingly treasonous decision to work with the Chinese military and not with the US military," according to Axios.
Last year, Google came under fire after it was revealed that the company was working on a controversial project to launch a censored search service in China.
Billionaire investor Peter Thiel said Sunday that the FBI and the CIA should investigate if Google has been infiltrated by Chinese intelligence, according to a report from Axios.
Thiel, a Facebook board member, was speaking at the National Conservatism Conference in Washington, D.C. and his speech focused on three questions that should be presented to the tech giant, Axios said.
"Number one, how many foreign intelligence agencies have infiltrated your Manhattan Project for AI (artificial intelligence)?" Thiel reportedly asked. "Number two, does Google's senior management consider itself to have been thoroughly infiltrated by Chinese intelligence?"
He said those questions "need to be asked by the FBI, by the CIA."
Thiel also blasted Alphabet-owned Google for its work in China.
"Number three, is it because they consider themselves to be so thoroughly infiltrated that they have engaged in the seemingly treasonous decision to work with the Chinese military and not with the US military," Thiel said, according to Axios.
Google did not immediately respond to CNBC's request for comments.
Read more:https://www.cnbc.com/2019/07/15/peter-thiel-reportedly-says-the-fbi-and-cia-should-investigate-google.html
#thiel #CIA #FBI #Google #DeleteGoogle
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
Media is too big
VIEW IN TELEGRAM
Richard Stallman on Pedophilia
Richard Stallman had a birthday a couple of days ago. On varius forums and subreddits, people were wishing RMS a happy birthday and some were sharing their favorite quotes from Stallman. Some of these quotes I had never read before and, to be honest, kind of shocked me. Not sure I will ever view Richard Stallman the same.
📺 https://www.youtube.com/watch?v=8BDm88o94nk
#RMS #Stallman #pedophilia #thinkabout #video
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
Richard Stallman had a birthday a couple of days ago. On varius forums and subreddits, people were wishing RMS a happy birthday and some were sharing their favorite quotes from Stallman. Some of these quotes I had never read before and, to be honest, kind of shocked me. Not sure I will ever view Richard Stallman the same.
📺 https://www.youtube.com/watch?v=8BDm88o94nk
#RMS #Stallman #pedophilia #thinkabout #video
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
EU states unanimously vote against stricter export controls for surveillance equipment
The EU wants to more closely control the trade of the European surveillance industry with autocratic regimes. After two years of tough negotiations, the member states have found a „compromise“: they are against anything that could limit the trade of spyware. Germany agreed as well.
Daniel Moßbrucker accompanies the reform of the EU Dual Use Regulation for Reporters Without Borders. The human rights NGO works globally for the protection of journalists and fights against censorship online and offline. (This text is the translation of the original German version.)
On 28 May, the UN special rapporteur on the right to freedom of opinion and expression, David Kaye, appealed to the international community and demanded a moratorium on the sale of spying technology. Everywhere in the world, journalists, activists and opposition members are being monitored with state-of-the-art technology, trade is flourishing – and global regulation is at best in its infancy.
With the same arguments, the EU Commission had already submitted a reform proposal in 2016 for the European control system. The items include hacking software, large data centres for data retention, IMSI catchers for monitoring demonstrations and equipment for telecommunications surveillance.
For more than two years, the EU member states had been arguing fiercely about the Commission’s plans before they presented their „compromise“ exactly one week after Kaye’s demand. They are against any plans that would allow stronger controls on surveillance technology.
Read more:
https://rwtxt.lelux.fi/blackbox/peu-states-unanimously-vote-against-stricter-export-controls-for-surveillance-equipmentp
#EU #surveillance #export #equipment
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
The EU wants to more closely control the trade of the European surveillance industry with autocratic regimes. After two years of tough negotiations, the member states have found a „compromise“: they are against anything that could limit the trade of spyware. Germany agreed as well.
Daniel Moßbrucker accompanies the reform of the EU Dual Use Regulation for Reporters Without Borders. The human rights NGO works globally for the protection of journalists and fights against censorship online and offline. (This text is the translation of the original German version.)
On 28 May, the UN special rapporteur on the right to freedom of opinion and expression, David Kaye, appealed to the international community and demanded a moratorium on the sale of spying technology. Everywhere in the world, journalists, activists and opposition members are being monitored with state-of-the-art technology, trade is flourishing – and global regulation is at best in its infancy.
With the same arguments, the EU Commission had already submitted a reform proposal in 2016 for the European control system. The items include hacking software, large data centres for data retention, IMSI catchers for monitoring demonstrations and equipment for telecommunications surveillance.
For more than two years, the EU member states had been arguing fiercely about the Commission’s plans before they presented their „compromise“ exactly one week after Kaye’s demand. They are against any plans that would allow stronger controls on surveillance technology.
Read more:
https://rwtxt.lelux.fi/blackbox/peu-states-unanimously-vote-against-stricter-export-controls-for-surveillance-equipmentp
#EU #surveillance #export #equipment
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
50 Ways to Leak Your Data: An Exploration of Apps’ Circumvention of the Android Permissions System
Apps can also access tracking data without authorization
The Android permission model can be circumvented with tricks. A study found 1,325 apps that can access the corresponding data even without authorization.
The Android authorization system is designed to protect particularly sensitive data. Only when the user grants an app the corresponding authorization can it access the location or the device ID, for example. However, some applications bypass the permissions by accessing the corresponding data in other ways. Researchers at Berkeley University (USA), the IMDEA Networks Institute (Spain) and the University of Calgary (Canada) found this out.
PDF:
https://www.ftc.gov/system/files/documents/public_events/1415032/privacycon2019_serge_egelman.pdf
#android #data #circumvent #tracking #authorization #poc
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
Apps can also access tracking data without authorization
The Android permission model can be circumvented with tricks. A study found 1,325 apps that can access the corresponding data even without authorization.
The Android authorization system is designed to protect particularly sensitive data. Only when the user grants an app the corresponding authorization can it access the location or the device ID, for example. However, some applications bypass the permissions by accessing the corresponding data in other ways. Researchers at Berkeley University (USA), the IMDEA Networks Institute (Spain) and the University of Calgary (Canada) found this out.
PDF:
https://www.ftc.gov/system/files/documents/public_events/1415032/privacycon2019_serge_egelman.pdf
#android #data #circumvent #tracking #authorization #poc
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
Audio
🎧 The Internet’s Carbon Footprint
Manoush Zomorodi explores the surprising environmental impact of the internet in this episode of IRL. Because while it’s easy to think of the internet as living only on your screen, energy demand for the internet is indeed powered by massive server farms, running around the clock, all over the world. What exactly is the internet’s carbon footprint? And, what can we do about it?
📻 https://irlpodcast.org/
#IRL #carbon #footprint #podcast
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
Manoush Zomorodi explores the surprising environmental impact of the internet in this episode of IRL. Because while it’s easy to think of the internet as living only on your screen, energy demand for the internet is indeed powered by massive server farms, running around the clock, all over the world. What exactly is the internet’s carbon footprint? And, what can we do about it?
📻 https://irlpodcast.org/
#IRL #carbon #footprint #podcast
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
(Can’t) Picture This 2 An Analysis of WeChat’s Realtime Image Filtering in Chats
Key Findings:
👁🗨 WeChat implements realtime, automatic censorship of chat images based on text contained in images and on an image’s visual similarity to those on a blacklist
👁🗨 WeChat facilitates realtime filtering by maintaining a hash index populated by MD5 hashes of images sent by users of the chat platform
👁🗨 We compare levels of filtering across WeChat’s Moments, group chat, and 1-to-1 chat features and find that each has different images censored; we find that Moments and group chat are generally more heavily filtered than 1-to-1
👁🗨 WeChat targets predominantly political content including images pertaining to government and social resistance
👁🗨 WeChat’s image censorship is reactive to news events; we found censored images covering a wide range of events, including the arrest of Huawei’s CFO, the Sino-US Trade War, and the 2018 US Midterm Elections
https://citizenlab.ca/2019/07/cant-picture-this-2-an-analysis-of-wechats-realtime-image-filtering-in-chats/
#WeChat #filter #realtime #images #china #censorship
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
Key Findings:
👁🗨 WeChat implements realtime, automatic censorship of chat images based on text contained in images and on an image’s visual similarity to those on a blacklist
👁🗨 WeChat facilitates realtime filtering by maintaining a hash index populated by MD5 hashes of images sent by users of the chat platform
👁🗨 We compare levels of filtering across WeChat’s Moments, group chat, and 1-to-1 chat features and find that each has different images censored; we find that Moments and group chat are generally more heavily filtered than 1-to-1
👁🗨 WeChat targets predominantly political content including images pertaining to government and social resistance
👁🗨 WeChat’s image censorship is reactive to news events; we found censored images covering a wide range of events, including the arrest of Huawei’s CFO, the Sino-US Trade War, and the 2018 US Midterm Elections
https://citizenlab.ca/2019/07/cant-picture-this-2-an-analysis-of-wechats-realtime-image-filtering-in-chats/
#WeChat #filter #realtime #images #china #censorship
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
Media is too big
VIEW IN TELEGRAM
The WORST Part of the Epstein Case – #PropagandaWatch
According to the dinosaur media, the worst part about the exposure of Jeffrey #Epstein’s child sex trafficking and high-level #blackmail operation is that it bolsters #conspiracy theories about child sex trafficking and elite corruption.
❗️Newsflash: they’re trying to gaslight you. Don’t fall for it for a second.
📺 https://www.corbettreport.com/the-worst-part-of-the-epstein-case-propagandawatch/
#corbettreport #video #podcast
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
According to the dinosaur media, the worst part about the exposure of Jeffrey #Epstein’s child sex trafficking and high-level #blackmail operation is that it bolsters #conspiracy theories about child sex trafficking and elite corruption.
❗️Newsflash: they’re trying to gaslight you. Don’t fall for it for a second.
📺 https://www.corbettreport.com/the-worst-part-of-the-epstein-case-propagandawatch/
#corbettreport #video #podcast
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
Security reports reveal how Assange turned an embassy into a command post for election meddling
New documents obtained exclusively by CNN reveal that WikiLeaks founder Julian Assange received in-person deliveries, potentially of hacked materials related to the 2016 US election, during a series of suspicious meetings at the Ecuadorian Embassy in London.
The documents build on the possibility, raised by special counsel Robert Mueller in his report on Russian meddling, that couriers brought hacked files to Assange at the embassy.
The surveillance reports also describe how Assange turned the embassy into a command center and orchestrated a series of damaging disclosures that rocked the 2016 presidential campaign in the United States.
Despite being confined to the embassy while seeking safe passage to Ecuador, Assange met with Russians and world-class hackers at critical moments, frequently for hours at a time. He also acquired powerful new computing and network hardware to facilitate data transfers just weeks before WikiLeaks received hacked materials from Russian operatives.
These stunning details come from hundreds of surveillance reports compiled for the Ecuadorian government by UC Global, a private Spanish security company, and obtained by CNN. They chronicle Assange’s movements and provide an unprecedented window into his life at the embassy. They also add a new dimension to the Mueller report, which cataloged how WikiLeaks helped the Russians undermine the US election.
An Ecuadorian intelligence official told CNN that the surveillance reports are authentic.
👉🏼 Read the full story without ads n shit:
https://rwtxt.lelux.fi/blackbox/exclusive-security-reports-reveal-how-assange-turned-an-embassy-into-a-command-post-for-election-meddling
#FreeAssange #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
New documents obtained exclusively by CNN reveal that WikiLeaks founder Julian Assange received in-person deliveries, potentially of hacked materials related to the 2016 US election, during a series of suspicious meetings at the Ecuadorian Embassy in London.
The documents build on the possibility, raised by special counsel Robert Mueller in his report on Russian meddling, that couriers brought hacked files to Assange at the embassy.
The surveillance reports also describe how Assange turned the embassy into a command center and orchestrated a series of damaging disclosures that rocked the 2016 presidential campaign in the United States.
Despite being confined to the embassy while seeking safe passage to Ecuador, Assange met with Russians and world-class hackers at critical moments, frequently for hours at a time. He also acquired powerful new computing and network hardware to facilitate data transfers just weeks before WikiLeaks received hacked materials from Russian operatives.
These stunning details come from hundreds of surveillance reports compiled for the Ecuadorian government by UC Global, a private Spanish security company, and obtained by CNN. They chronicle Assange’s movements and provide an unprecedented window into his life at the embassy. They also add a new dimension to the Mueller report, which cataloged how WikiLeaks helped the Russians undermine the US election.
An Ecuadorian intelligence official told CNN that the surveillance reports are authentic.
👉🏼 Read the full story without ads n shit:
https://rwtxt.lelux.fi/blackbox/exclusive-security-reports-reveal-how-assange-turned-an-embassy-into-a-command-post-for-election-meddling
#FreeAssange #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
Shelter: Isolate Big Brother apps - Take back control! (Part 7)
1. Big Data
The collection, processing and analysis of as much information as possible is Big Data’s core business. In this non-transparent data processing, which is determined by algorithms, personal rights are hardly taken into consideration. This dilemma becomes particularly clear in the Android world: Apps access personal data uninhibitedly and send it unsolicited to the most diverse protagonists. This is exactly what the article series “Take back control!” wants to protect against.
Another piece of the puzzle to achieve this goal is the App Shelter, which locks selected Android apps in a sandbox, depriving them of access to phone books, calendars, images and other data. Curious apps can thus be denied access to sensitive user data.
💡 This article is part of a series of articles:
✅ Android without Google: Take back control! Part 1
✅ LineageOS - Take back control! Part2
✅ Magisk: By the power of Root - Take back control! Part 3 (not yet translated)
✅ AFWall+: Digital Door Controller - Take back control! Part 4
✅ F-Droid: Free and Open Source Apps - Take back control! Part 5
✅ AdAway: Advertising and tracking blocker - Take back control! Part 6
✅ Shelter: Isolate Big Brother apps - Take back control! Part 7
2. Shelter
Shelter is an open source app for Android that can be downloaded from the App-Store F-Droid. Alternatively the app can be downloaded via GitHub or the Google Play Store.
To separate apps, Shelter uses the Android work profiles that Google introduced as early as 2015 to separate private data from business content or apps. The work profile is a specially isolated area in which, for example, data-hungry apps can be stored. In addition to the normal environment in which all apps are normally located, Shelter creates another workspace that is logically separated from the other workspace. From this bunker (Shelter) apps can not access data which are in the normal environment - but all data of apps which are also stored or locked in the Shelter.
👉🏼 Read the fully translated guide:
https://rwtxt.lelux.fi/blackbox/shelter-isolate-big-brother-apps-take-back-control-part-7
👉🏼 Source 🇩🇪:
https://www.kuketz-blog.de/shelter-big-brother-apps-isolieren-take-back-control-teil7/
#android #shelter #NoGoogle #guide #part1 #part2 #part4 #part5 #part6 #part7 #kuketz
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
1. Big Data
The collection, processing and analysis of as much information as possible is Big Data’s core business. In this non-transparent data processing, which is determined by algorithms, personal rights are hardly taken into consideration. This dilemma becomes particularly clear in the Android world: Apps access personal data uninhibitedly and send it unsolicited to the most diverse protagonists. This is exactly what the article series “Take back control!” wants to protect against.
Another piece of the puzzle to achieve this goal is the App Shelter, which locks selected Android apps in a sandbox, depriving them of access to phone books, calendars, images and other data. Curious apps can thus be denied access to sensitive user data.
💡 This article is part of a series of articles:
✅ Android without Google: Take back control! Part 1
✅ LineageOS - Take back control! Part2
✅ Magisk: By the power of Root - Take back control! Part 3 (not yet translated)
✅ AFWall+: Digital Door Controller - Take back control! Part 4
✅ F-Droid: Free and Open Source Apps - Take back control! Part 5
✅ AdAway: Advertising and tracking blocker - Take back control! Part 6
✅ Shelter: Isolate Big Brother apps - Take back control! Part 7
2. Shelter
Shelter is an open source app for Android that can be downloaded from the App-Store F-Droid. Alternatively the app can be downloaded via GitHub or the Google Play Store.
To separate apps, Shelter uses the Android work profiles that Google introduced as early as 2015 to separate private data from business content or apps. The work profile is a specially isolated area in which, for example, data-hungry apps can be stored. In addition to the normal environment in which all apps are normally located, Shelter creates another workspace that is logically separated from the other workspace. From this bunker (Shelter) apps can not access data which are in the normal environment - but all data of apps which are also stored or locked in the Shelter.
👉🏼 Read the fully translated guide:
https://rwtxt.lelux.fi/blackbox/shelter-isolate-big-brother-apps-take-back-control-part-7
👉🏼 Source 🇩🇪:
https://www.kuketz-blog.de/shelter-big-brother-apps-isolieren-take-back-control-teil7/
#android #shelter #NoGoogle #guide #part1 #part2 #part4 #part5 #part6 #part7 #kuketz
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
Amazon is listening to your kids and visitors, warns German parliament report
Smart speakers like Alexa not only store the voices of their registered users, but also those of children and unsuspecting guests. This constitutes a legal problem, says a report commissioned by the German parliament.
Amazon’s voice assistant listens far more often than people might know. Alexa does not only pick up the voices of adults who consciously interact with the system, but also those of others who do not know the assistant is recording them. That could be a visitor or a minor.
This function of Alexa is now subject of a report by the Research Service of the German parliament, the Bundestag. The service is impartial, researching and analysing information on behalf of committees and by request of members of parliament. The paper examines whether the recording, trannoscription and evaluation of voice recordings by Amazon are legal under German law.
When Alexa is first installed, users must give their consent to the processing and storage of their data. The mandatory information about the use and administration of their data is described sufficiently on Amazon’s website and in the Alexa app, according to the experts. Users can manage and delete the stored data in their profile. However, it remains unclear for how long Amazon stores the voice recordings and how often the software records unintended noises and conversations.
👉🏼 Read the full story without ads n shit:
https://rwtxt.lelux.fi/blackbox/amazon-is-listening-to-your-kids-and-visitors-warns-german-parliament-report
#DeleteAmazon #Alexa #DataProtection #privacy
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
Smart speakers like Alexa not only store the voices of their registered users, but also those of children and unsuspecting guests. This constitutes a legal problem, says a report commissioned by the German parliament.
Amazon’s voice assistant listens far more often than people might know. Alexa does not only pick up the voices of adults who consciously interact with the system, but also those of others who do not know the assistant is recording them. That could be a visitor or a minor.
This function of Alexa is now subject of a report by the Research Service of the German parliament, the Bundestag. The service is impartial, researching and analysing information on behalf of committees and by request of members of parliament. The paper examines whether the recording, trannoscription and evaluation of voice recordings by Amazon are legal under German law.
When Alexa is first installed, users must give their consent to the processing and storage of their data. The mandatory information about the use and administration of their data is described sufficiently on Amazon’s website and in the Alexa app, according to the experts. Users can manage and delete the stored data in their profile. However, it remains unclear for how long Amazon stores the voice recordings and how often the software records unintended noises and conversations.
👉🏼 Read the full story without ads n shit:
https://rwtxt.lelux.fi/blackbox/amazon-is-listening-to-your-kids-and-visitors-warns-german-parliament-report
#DeleteAmazon #Alexa #DataProtection #privacy
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
SwiftKey: BlackBox with permanent tracking
On the fourth day of the App Review Week, I test the Android app SwiftKey (version 7.3.3.12) - a keyboard app from Microsoft that accepts input via wipe gestures. Let’s start with the network connections that SwiftKey establishes during use.
App start: Immediately after start (no user interaction)
[1] Immediately after startup, the app contacts the SwiftKey servers [jenson.api.swiftkey.com] to update LanguagePack information:
👉🏼 Full translated review:
https://rwtxt.lelux.fi/blackbox/swiftkey-blackbox-with-permanent-tracking
Source 🇩🇪:
https://www.kuketz-blog.de/swiftkey-blackbox-mit-dauerhaftem-tracking/
#SwifkKey #App #review #kuketz
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
On the fourth day of the App Review Week, I test the Android app SwiftKey (version 7.3.3.12) - a keyboard app from Microsoft that accepts input via wipe gestures. Let’s start with the network connections that SwiftKey establishes during use.
App start: Immediately after start (no user interaction)
[1] Immediately after startup, the app contacts the SwiftKey servers [jenson.api.swiftkey.com] to update LanguagePack information:
GET /swiftkey/sksdk-3.0/sk-7.3.3/market/languagePacksSSL.json HTTP/1.1 Accept-Encoding: gzip, deflate Range: bytes=0- User-Agent: Dalvik/2.1.0 (Linux; U; Android 9; Mi A1 Build/PQ3A.190705.003) Host: jenson.api.swiftkey.com Connection: close[2] The updates for the language packs (LanguagePacks) are then downloaded via a cloudfront server
[d4kkhvu20wq9i.cloudfront.net]:👉🏼 Full translated review:
https://rwtxt.lelux.fi/blackbox/swiftkey-blackbox-with-permanent-tracking
Source 🇩🇪:
https://www.kuketz-blog.de/swiftkey-blackbox-mit-dauerhaftem-tracking/
#SwifkKey #App #review #kuketz
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
Firefox classifies HTTP websites as insecure in the future
The function is active and works in Firefox 70. The function is currently available only in the Nightly Channel. But Firefox 68 can also be configured manually so that the URLs of unencrypted websites are provided with a crossed-out lock and the addition "Not secure".
💡 According to the report, the security warning is now activated in the Nightly version of Firefox 70.
Users of the current version 68 can already unlock the feature via the configuration page "
You simply have to change the following settings by double clicking to "True":
„
„
„
„
„
https://www.ghacks.net/2019/07/18/firefox-to-mark-all-http-sites-as-not-secure/
#mozilla #firefox #browser #tip #tricks #HTTP #encryption
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
The function is active and works in Firefox 70. The function is currently available only in the Nightly Channel. But Firefox 68 can also be configured manually so that the URLs of unencrypted websites are provided with a crossed-out lock and the addition "Not secure".
💡 According to the report, the security warning is now activated in the Nightly version of Firefox 70.
Users of the current version 68 can already unlock the feature via the configuration page "
about:config".You simply have to change the following settings by double clicking to "True":
„
about:config“„
security.insecure_connection_icon.enabled“„
security.insecure_connection_icon.pbmode.enabled“„
security.insecure_connection_text.enabled“„
security.insecure_connection_text.pbmode.enabled“ https://www.ghacks.net/2019/07/18/firefox-to-mark-all-http-sites-as-not-secure/
#mozilla #firefox #browser #tip #tricks #HTTP #encryption
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
Amazon is turning advertising into its next huge business — here’s how
☢️ Amazon has built a huge advertising business. Here’s a little more about how it all works.
☢️ The e-commerce giant lets advertisers reach consumers through product ads or even videos on third-party websites.
☢️ While shopping on Prime Day, this is how to spot and understand some of the ad products used to encourage you to buy certain products.
If you were browsing Amazon in search of deals for Prime Day, you undoubtedly came across a lot of ads. That’s because Amazon has a trove of information about buying habits that makes it a valuable place for advertisers.
Think about it: Amazon knows the last time you bought toothpaste on the site and which brand you typically like to buy. Advertisers can use that information to try to get you to buy their brand of toothpaste right when you’re running low.
Other advertisers can use Amazon to target ads, even if they’re selling products that you can’t necessarily buy on Amazon, like insurance or a car. These advertisers can use Amazon’s extensive customer data to figure out who might buy their product or services, and they can use Amazon’s ad products to reach those people, both on Amazon’s properties and through a network of third-party sites.
This rich trove of data has made Amazon into the third-largest digital ad platform in the U.S. and a growing contender to take on the digital ad duopoly of Google and Facebook. Earlier this year, eMarketer said it expected Amazon to claim 8.8% of U.S. digital ad spend in 2019, up from 6.8% in 2018, while expecting Google to drop from 38.2% to 37.2%. Meanwhile, Facebook was expected to pull 22.1% of digital ad spend in 2019, up very slightly from 21.8%. Amazon’s net sales in its “other” category, which consists primarily of advertising sales, was $2.72 billion in the first quarter.
👉🏼 Read the full story without ads n shit:
https://rwtxt.lelux.fi/blackbox/amazon-is-turning-advertising-into-its-next-huge-business-heres-how
#DeleteAmazon #advertising #business
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
☢️ Amazon has built a huge advertising business. Here’s a little more about how it all works.
☢️ The e-commerce giant lets advertisers reach consumers through product ads or even videos on third-party websites.
☢️ While shopping on Prime Day, this is how to spot and understand some of the ad products used to encourage you to buy certain products.
If you were browsing Amazon in search of deals for Prime Day, you undoubtedly came across a lot of ads. That’s because Amazon has a trove of information about buying habits that makes it a valuable place for advertisers.
Think about it: Amazon knows the last time you bought toothpaste on the site and which brand you typically like to buy. Advertisers can use that information to try to get you to buy their brand of toothpaste right when you’re running low.
Other advertisers can use Amazon to target ads, even if they’re selling products that you can’t necessarily buy on Amazon, like insurance or a car. These advertisers can use Amazon’s extensive customer data to figure out who might buy their product or services, and they can use Amazon’s ad products to reach those people, both on Amazon’s properties and through a network of third-party sites.
This rich trove of data has made Amazon into the third-largest digital ad platform in the U.S. and a growing contender to take on the digital ad duopoly of Google and Facebook. Earlier this year, eMarketer said it expected Amazon to claim 8.8% of U.S. digital ad spend in 2019, up from 6.8% in 2018, while expecting Google to drop from 38.2% to 37.2%. Meanwhile, Facebook was expected to pull 22.1% of digital ad spend in 2019, up very slightly from 21.8%. Amazon’s net sales in its “other” category, which consists primarily of advertising sales, was $2.72 billion in the first quarter.
👉🏼 Read the full story without ads n shit:
https://rwtxt.lelux.fi/blackbox/amazon-is-turning-advertising-into-its-next-huge-business-heres-how
#DeleteAmazon #advertising #business
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
Newly Discovered Malware Framework Cashing in on Ad Fraud
A newly discovered malware framework is responsible for more than one billion fraudulent ad impressions in the past three months, generating its operators significant Google AdSense revenue on a monthly basis.
Flashpoint researchers uncovered the framework, which features three separate stages that ultimately install a malicious browser extension designed to perform fraudulent AdSense impressions, as well as generate likes on YouTube videos and watch hidden Twitch streams.
The framework is designed to pad statistics on social sites and ad impressions, creating revenue for its operators who are using a botnet to attack the content and advertising platforms by spreading the malware and targeting browsers including Google Chrome, Mozilla Firefox, and Yandex’s browser.
Most video and streaming services have tiers for their content producers, which calculates how much they are paid for their content. Content producers benefit financially from higher counts, which can lead to some unscrupulous behavior.
Flashpoint researchers found code, for example, that looks for YouTube referrers and then injects a new noscript tag to load code for YouTube. In this case, the injected JavaScript has an extensive amount of code that is designed to like videos, most of which are related to political topics in Russia. Separately, researchers also found code that injects an iframe into the browser designed to play a hidden Twitch stream, padding the viewer stats for the streamer on that page.
Read more:
https://www.flashpoint-intel.com/blog/newly-discovered-malware-framework-cashing-in-on-ad-fraud/
#malware #malicious #framework #AdFraud #AdSense #browser #extension
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
A newly discovered malware framework is responsible for more than one billion fraudulent ad impressions in the past three months, generating its operators significant Google AdSense revenue on a monthly basis.
Flashpoint researchers uncovered the framework, which features three separate stages that ultimately install a malicious browser extension designed to perform fraudulent AdSense impressions, as well as generate likes on YouTube videos and watch hidden Twitch streams.
The framework is designed to pad statistics on social sites and ad impressions, creating revenue for its operators who are using a botnet to attack the content and advertising platforms by spreading the malware and targeting browsers including Google Chrome, Mozilla Firefox, and Yandex’s browser.
Most video and streaming services have tiers for their content producers, which calculates how much they are paid for their content. Content producers benefit financially from higher counts, which can lead to some unscrupulous behavior.
Flashpoint researchers found code, for example, that looks for YouTube referrers and then injects a new noscript tag to load code for YouTube. In this case, the injected JavaScript has an extensive amount of code that is designed to like videos, most of which are related to political topics in Russia. Separately, researchers also found code that injects an iframe into the browser designed to play a hidden Twitch stream, padding the viewer stats for the streamer on that page.
Read more:
https://www.flashpoint-intel.com/blog/newly-discovered-malware-framework-cashing-in-on-ad-fraud/
#malware #malicious #framework #AdFraud #AdSense #browser #extension
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN