This media is not supported in your browser
VIEW IN TELEGRAM
Vincent Canfield - 36C3 Staff Brutally Assaulted Me for Political Reasons
On Saturday night (Sunday morning) at around 4:30AM my friend and I were the victim of a brutal assault that was started, escalated, and carried out by the most senior members of the Orga group of the Chaos Communication Congress. If it were not for the evidence we collected, you would think I was crazy. But these abuses are very real.
https://vc.gg/blog/36c3-staff-assaulted-me-for-political-reasons.html
https://twitter.com/gexcolo/status/1211268694741061632?s=19
#CCC #36c3 #Canfield #video
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN
On Saturday night (Sunday morning) at around 4:30AM my friend and I were the victim of a brutal assault that was started, escalated, and carried out by the most senior members of the Orga group of the Chaos Communication Congress. If it were not for the evidence we collected, you would think I was crazy. But these abuses are very real.
https://vc.gg/blog/36c3-staff-assaulted-me-for-political-reasons.html
https://twitter.com/gexcolo/status/1211268694741061632?s=19
#CCC #36c3 #Canfield #video
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN
Media is too big
VIEW IN TELEGRAM
The KGB Hack: 30 Years Later
The 36C3 seems an excellent opportunity to take a look back at the instance of hacking which, even more so than previous events like the BTX and NASA Hacks, brought the CCC into the focus of the (West-)German public – and, additionally, the Federal Office for the Protection of the Constitution (Verfassungsschutz) and the Federal Intelligence Service (Bundesnachrichtendienst).
⚠️ This Talk was translated into multiple languages. The files available for download contain all languages as separate audio-tracks. Most desktop video players allow you to choose between them. Please look for "audio tracks" in your desktop video player.
https://media.ccc.de/v/36c3-11031-the_kgb_hack_30_years_later
#video #CCC #36c3 #KGB #hacking
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN
The 36C3 seems an excellent opportunity to take a look back at the instance of hacking which, even more so than previous events like the BTX and NASA Hacks, brought the CCC into the focus of the (West-)German public – and, additionally, the Federal Office for the Protection of the Constitution (Verfassungsschutz) and the Federal Intelligence Service (Bundesnachrichtendienst).
⚠️ This Talk was translated into multiple languages. The files available for download contain all languages as separate audio-tracks. Most desktop video players allow you to choose between them. Please look for "audio tracks" in your desktop video player.
https://media.ccc.de/v/36c3-11031-the_kgb_hack_30_years_later
#video #CCC #36c3 #KGB #hacking
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN
Septor 2020
Septor Linux is a operating system that provides users with a perfect computing environment for surfing the Internet anonymously. Septor providing users with a stable and reliable distribution that is based on Debian GNU/Linux and works on a wide range of computers. Distribution featuring a customised KDE Plasma deskop and Tor technologies.
Linux Kernel 5.3 Plasma 5.14.5
Software Management: Synaptic, GDebi
Internet: Tor Browser, Thunderbird, Ricochet IM, HexChat, QuiteRSS, OnionShare
Utilities: Gufw, Konsole, Ark, Image Writer, Bootiso, Sweeper, KGpg, Kleopatra, MAT, KWallet, VeraCrypt
Graphics / Multimedia: GIMP, Gwenview. VLC, K3b, Guvcview
Office: LibreOffice, Kontact, КOrganizer, Okular, Kwrite, Kate, Eqonomize
https://septor.sourceforge.io/
#Septor #Linux #Debian
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN
Septor Linux is a operating system that provides users with a perfect computing environment for surfing the Internet anonymously. Septor providing users with a stable and reliable distribution that is based on Debian GNU/Linux and works on a wide range of computers. Distribution featuring a customised KDE Plasma deskop and Tor technologies.
Linux Kernel 5.3 Plasma 5.14.5
Software Management: Synaptic, GDebi
Internet: Tor Browser, Thunderbird, Ricochet IM, HexChat, QuiteRSS, OnionShare
Utilities: Gufw, Konsole, Ark, Image Writer, Bootiso, Sweeper, KGpg, Kleopatra, MAT, KWallet, VeraCrypt
Graphics / Multimedia: GIMP, Gwenview. VLC, K3b, Guvcview
Office: LibreOffice, Kontact, КOrganizer, Okular, Kwrite, Kate, Eqonomize
https://septor.sourceforge.io/
#Septor #Linux #Debian
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN
Obscurix: Linux Live System for privacy, security and anonymity
#Obscurix is a new open source #Live operating system based on #Arch #Linux. Obscurix attaches great importance to your #privacy, #security and #anonymity on the net. The live operating system routes all your traffic quite securely through the #Tor# network and also supports many other networks like #I2P and #Freenet.
Privacy, Security and Anonymity
To get it straight up front: Obscurix does not want to be a Linux operating system for pentesters. Even if you mainly want to play games on your computer, you better find something else. Obscurix is simply a secure and easy to use live operating system. In addition, the developers have done a lot to make it resistant against various forms of tracking and #surveillance. As a user you don't have to configure much, which makes it easy to get started.
One of the big differences between this and other Linux operating systems is the special focus on privacy, security and anonymity. Therefore Obscurix is not an operating system that you should install on your hard disk. As a pure live operating system it runs only in the memory of your computer. During shutdown the #OS automatically deletes all digital "traces" that third parties could otherwise evaluate later.
Continue on:
https://tarnkappe.info/obscurix-linux-live-system-fuer-privatsphaere-sicherheit-und-anonymitaet/
👉🏼 Obscurix:
https://obscurix.github.io/
👉🏼 ObscurixOS TG support group:
https://news.1rj.ru/str/Obscurix_OS
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN
#Obscurix is a new open source #Live operating system based on #Arch #Linux. Obscurix attaches great importance to your #privacy, #security and #anonymity on the net. The live operating system routes all your traffic quite securely through the #Tor# network and also supports many other networks like #I2P and #Freenet.
Privacy, Security and Anonymity
To get it straight up front: Obscurix does not want to be a Linux operating system for pentesters. Even if you mainly want to play games on your computer, you better find something else. Obscurix is simply a secure and easy to use live operating system. In addition, the developers have done a lot to make it resistant against various forms of tracking and #surveillance. As a user you don't have to configure much, which makes it easy to get started.
One of the big differences between this and other Linux operating systems is the special focus on privacy, security and anonymity. Therefore Obscurix is not an operating system that you should install on your hard disk. As a pure live operating system it runs only in the memory of your computer. During shutdown the #OS automatically deletes all digital "traces" that third parties could otherwise evaluate later.
Continue on:
https://tarnkappe.info/obscurix-linux-live-system-fuer-privatsphaere-sicherheit-und-anonymitaet/
👉🏼 Obscurix:
https://obscurix.github.io/
👉🏼 ObscurixOS TG support group:
https://news.1rj.ru/str/Obscurix_OS
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN
Fresh Cambridge Analytica leak ‘shows global manipulation is out of control’
Company’s work in 68 countries laid bare with release of more than 100,000 documents
An explosive #leak of tens of thousands of documents from the defunct data firm #CambridgeAnalytica is set to expose the inner workings of the company that collapsed after the Observer revealed it had misappropriated 87 million #Facebook profiles.
More than 100,000 documents relating to work in 68 countries that will lay bare the global infrastructure of an operation used to manipulate voters on “an industrial scale” is set to be released over the next months.
It comes as Christopher Steele, the ex-head of MI6’s Russia desk and the intelligence expert behind the so-called “Steele dossier” into Trump’s relationship with Russia, said that while the company had closed down, the failure to properly punish bad actors meant that the prospects for manipulation of the US election this year were even worse.
The release of documents began on New Year’s Day on an anonymous Twitter account, @HindsightFiles, with links to material on elections in Malaysia, Kenya and Brazil. The documents were revealed to have come from Brittany Kaiser, an ex-Cambridge Analytica employee turned whistleblower, and to be the same ones subpoeaned by Robert Mueller’s investigation into Russian interference in the 2016 presidential election.
Kaiser, who starred in the Oscar-shortlisted Netflix documentary The Great Hack, decided to go public after last month’s election in Britain. “It’s so abundantly clear our electoral systems are wide open to abuse,” she said. “I’m very fearful about what is going to happen in the US election later this year, and I think one of the few ways of protecting ourselves is to get as much information out there as possible.”
Read more:
https://www.theguardian.com/uk-news/2020/jan/04/cambridge-analytica-data-leak-global-election-manipulation
#DeleteFacebook
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN
Company’s work in 68 countries laid bare with release of more than 100,000 documents
An explosive #leak of tens of thousands of documents from the defunct data firm #CambridgeAnalytica is set to expose the inner workings of the company that collapsed after the Observer revealed it had misappropriated 87 million #Facebook profiles.
More than 100,000 documents relating to work in 68 countries that will lay bare the global infrastructure of an operation used to manipulate voters on “an industrial scale” is set to be released over the next months.
It comes as Christopher Steele, the ex-head of MI6’s Russia desk and the intelligence expert behind the so-called “Steele dossier” into Trump’s relationship with Russia, said that while the company had closed down, the failure to properly punish bad actors meant that the prospects for manipulation of the US election this year were even worse.
The release of documents began on New Year’s Day on an anonymous Twitter account, @HindsightFiles, with links to material on elections in Malaysia, Kenya and Brazil. The documents were revealed to have come from Brittany Kaiser, an ex-Cambridge Analytica employee turned whistleblower, and to be the same ones subpoeaned by Robert Mueller’s investigation into Russian interference in the 2016 presidential election.
Kaiser, who starred in the Oscar-shortlisted Netflix documentary The Great Hack, decided to go public after last month’s election in Britain. “It’s so abundantly clear our electoral systems are wide open to abuse,” she said. “I’m very fearful about what is going to happen in the US election later this year, and I think one of the few ways of protecting ourselves is to get as much information out there as possible.”
Read more:
https://www.theguardian.com/uk-news/2020/jan/04/cambridge-analytica-data-leak-global-election-manipulation
#DeleteFacebook
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN
🔥1
Serious cyber-attack on Austria's foreign ministry
Austria's foreign ministry has been targeted by a cyber-attack that is suspected to have been conducted by another country.
The ministry said the seriousness of the attack suggested it might have been carried out by a "state actor".
The hack started on Saturday night and experts warn it could continue for several days.
The breach occurred on the same day Austria's Green party backed forming a coalition with conservatives .
It was recognised very quickly and countermeasures taken immediately, the foreign ministry said in a statement.
"Despite all intensive security measures, there is never 100% protection against cyber-attacks," the ministry said.
https://www.bbc.com/news/world-europe-50997773
https://www.rte.ie/news/world/2020/0105/1104411-austria-cyber-attack/
#austria #cyberattack #stateactor #hacker #breach
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN
Austria's foreign ministry has been targeted by a cyber-attack that is suspected to have been conducted by another country.
The ministry said the seriousness of the attack suggested it might have been carried out by a "state actor".
The hack started on Saturday night and experts warn it could continue for several days.
The breach occurred on the same day Austria's Green party backed forming a coalition with conservatives .
It was recognised very quickly and countermeasures taken immediately, the foreign ministry said in a statement.
"Despite all intensive security measures, there is never 100% protection against cyber-attacks," the ministry said.
https://www.bbc.com/news/world-europe-50997773
https://www.rte.ie/news/world/2020/0105/1104411-austria-cyber-attack/
#austria #cyberattack #stateactor #hacker #breach
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN
Interview: Vincent Canfield from cock.li comments on his expulsion from the 36C3
In our conversation Vincent Canfield tells us how the violent expulsion from 36C3 happened from his point of view. Vincent is not exactly an undisputed personality, to put it objectively. He tells us how he came up with the idea of founding his e-mail service cock.li. We also learn about Vincent’s political view of the world or how seriously he thinks cock.li should be taken. Of course we also talk to him about the „unpleasant“ moments he unfortunately had to experience at this year’s Chaos Communication Congress (36C3) in Leipzig. The man from the National.Shitposting.Agency (NSA?)had to face some questions in our interview.
Vincent Canfield: a topic about which people elsewhere prefer to remain silent?
No year should end without the annual Chaos Communication Congress (36C3). Also this year, one headline quickly followed the next. As has been the case for many years, the media have taken up the topics of the Chaos Communication Congress. Whether it’s about hacking in general, data protection or autonomous driving, 5G networks or the final proof that Deutsche Bahn is indeed unpunctual. As every year, everything was reported in detail. Apparently, (almost) nobody wanted to report on just one topic until today: Vincent Canfield, the head of cock.li, has obviously been thrown out of this year’s 36C3 congress in a rather unpleasant way.
👉🏼 The interview in english:
https://tarnkappe.info/vincent-canfield-from-cock-li-comments-on-his-expulsion-from-the-36c3/
👉🏼 The interview in german:
https://tarnkappe.info/interview-vincent-canfields-meinung-zu-cock-li-und-ueber-den-ccc/
https://twitter.com/gexcolo/status/1214261610338037761
#Vincent #cockli #CCC #interview
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN
In our conversation Vincent Canfield tells us how the violent expulsion from 36C3 happened from his point of view. Vincent is not exactly an undisputed personality, to put it objectively. He tells us how he came up with the idea of founding his e-mail service cock.li. We also learn about Vincent’s political view of the world or how seriously he thinks cock.li should be taken. Of course we also talk to him about the „unpleasant“ moments he unfortunately had to experience at this year’s Chaos Communication Congress (36C3) in Leipzig. The man from the National.Shitposting.Agency (NSA?)had to face some questions in our interview.
Vincent Canfield: a topic about which people elsewhere prefer to remain silent?
No year should end without the annual Chaos Communication Congress (36C3). Also this year, one headline quickly followed the next. As has been the case for many years, the media have taken up the topics of the Chaos Communication Congress. Whether it’s about hacking in general, data protection or autonomous driving, 5G networks or the final proof that Deutsche Bahn is indeed unpunctual. As every year, everything was reported in detail. Apparently, (almost) nobody wanted to report on just one topic until today: Vincent Canfield, the head of cock.li, has obviously been thrown out of this year’s 36C3 congress in a rather unpleasant way.
👉🏼 The interview in english:
https://tarnkappe.info/vincent-canfield-from-cock-li-comments-on-his-expulsion-from-the-36c3/
👉🏼 The interview in german:
https://tarnkappe.info/interview-vincent-canfields-meinung-zu-cock-li-und-ueber-den-ccc/
https://twitter.com/gexcolo/status/1214261610338037761
#Vincent #cockli #CCC #interview
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN
The Hidden Cost of Ransomware: Wholesale Password Theft
#Organizations in the throes of cleaning up after a #ransomware outbreak typically will change passwords for all user accounts that have access to any email systems, servers and desktop workstations within their network. But all too often, ransomware victims fail to grasp that the crooks behind these attacks can and frequently do siphon every single password stored on each infected endpoint. The result of this oversight may offer attackers a way back into the affected organization, access to financial and healthcare accounts, or — worse yet — key tools for attacking the victim’s various business partners and clients.
In mid-November 2019, Wisconsin-based Virtual Care Provider Inc. (#VCPI) was hit by the #Ryuk ransomware strain. VCPI manages the #IT #systems for some 110 clients that serve approximately 2,400 nursing homes in 45 U.S. states. VCPI declined to pay the multi-million dollar ransom demanded by their extortionists, and the attack cut off many of those elder care facilities from their patient records, email and telephone service for days or weeks while VCPI rebuilt its network.
👉🏼 Read more:
https://krebsonsecurity.com/2020/01/the-hidden-cost-of-ransomware-wholesale-password-theft/
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN
#Organizations in the throes of cleaning up after a #ransomware outbreak typically will change passwords for all user accounts that have access to any email systems, servers and desktop workstations within their network. But all too often, ransomware victims fail to grasp that the crooks behind these attacks can and frequently do siphon every single password stored on each infected endpoint. The result of this oversight may offer attackers a way back into the affected organization, access to financial and healthcare accounts, or — worse yet — key tools for attacking the victim’s various business partners and clients.
In mid-November 2019, Wisconsin-based Virtual Care Provider Inc. (#VCPI) was hit by the #Ryuk ransomware strain. VCPI manages the #IT #systems for some 110 clients that serve approximately 2,400 nursing homes in 45 U.S. states. VCPI declined to pay the multi-million dollar ransom demanded by their extortionists, and the attack cut off many of those elder care facilities from their patient records, email and telephone service for days or weeks while VCPI rebuilt its network.
👉🏼 Read more:
https://krebsonsecurity.com/2020/01/the-hidden-cost-of-ransomware-wholesale-password-theft/
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN
Project Zero - Google will publish security vulnerabilities later
Google's #cybersecurity team from #ProjectZero has announced that it will change its #disclosure #policy for handling discovered #vulnerabilities. This mainly concerns the time of publication.
https://googleprojectzero.blogspot.com/2020/01/policy-and-disclosure-2020-edition.html
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN
Google's #cybersecurity team from #ProjectZero has announced that it will change its #disclosure #policy for handling discovered #vulnerabilities. This mainly concerns the time of publication.
https://googleprojectzero.blogspot.com/2020/01/policy-and-disclosure-2020-edition.html
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN
Media is too big
VIEW IN TELEGRAM
Cyber war: 9 things to do now before a cyberattack hits
📺 How social media is escalating tensions with Iran
http://video.foxnews.com/v/6120650076001
👉🏼 Read as well:
9 things to do now before a cyberattack hits
https://www.foxnews.com/tech/9-things-to-do-now-before-a-cyberattack-hits
👉🏼 Read as well (🇩🇪):
https://tarnkappe.info/cyber-krieg-wie-iranische-hacker-gegen-die-usa-vorgehen/
#video #cyberwar #iran #usa #why #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN
📺 How social media is escalating tensions with Iran
http://video.foxnews.com/v/6120650076001
👉🏼 Read as well:
9 things to do now before a cyberattack hits
https://www.foxnews.com/tech/9-things-to-do-now-before-a-cyberattack-hits
👉🏼 Read as well (🇩🇪):
https://tarnkappe.info/cyber-krieg-wie-iranische-hacker-gegen-die-usa-vorgehen/
#video #cyberwar #iran #usa #why #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN
Forwarded from NoGoolag
Media is too big
VIEW IN TELEGRAM
buchanan_webreadypdf.pdf
1.9 MB
Nobody but us - The rIse and fall of the golden age of signals intelligence
The United States’ National Cryptologic Museum in Fort Meade, Maryland, displays versions of two important encryption machines. The first is the Enigma machine, the most famous cryptographic apparatus ever built. The second machine, less well known, is called SIGABA. These devices are similar in certain important respects. Each employs an electromechanical rotor-based design. Each was used during World War II; the Nazis deployed Enigma while US forces relied on SIGABA. It is no exaggeration to say that, during the conflict, these machines protected—or tried to protect—some of the most important messages in the world.
👉🏼 #PDF:
https://www.hoover.org/sites/default/files/research/docs/buchanan_webreadypdf.pdf
💡 More info on #NOBUS:
https://en.wikipedia.org/wiki/NOBUS
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN
The United States’ National Cryptologic Museum in Fort Meade, Maryland, displays versions of two important encryption machines. The first is the Enigma machine, the most famous cryptographic apparatus ever built. The second machine, less well known, is called SIGABA. These devices are similar in certain important respects. Each employs an electromechanical rotor-based design. Each was used during World War II; the Nazis deployed Enigma while US forces relied on SIGABA. It is no exaggeration to say that, during the conflict, these machines protected—or tried to protect—some of the most important messages in the world.
👉🏼 #PDF:
https://www.hoover.org/sites/default/files/research/docs/buchanan_webreadypdf.pdf
💡 More info on #NOBUS:
https://en.wikipedia.org/wiki/NOBUS
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN
microG: Android (almost) without Google – our interview with the developer
The use of microG means that on smartphones, you can enjoy the comfort of Android without being spied on from front to back. It’s a sort of „castrated“ Android, where hardly any data are transferred to the Google servers. How does Google manage to enforce control over the mobile operating system Android with all its might? What does it take to stand up against Google? That and much more, we will find out in our interview with the inventor of microG, Marvin Wißfeld.
👉🏼 👉🏼 Read more:
https://tarnkappe.info/microg-android-almost-without-google-our-interview-with-the-developer/
#interview #microG #android #google #DeleteGoogle #Marvin
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN
The use of microG means that on smartphones, you can enjoy the comfort of Android without being spied on from front to back. It’s a sort of „castrated“ Android, where hardly any data are transferred to the Google servers. How does Google manage to enforce control over the mobile operating system Android with all its might? What does it take to stand up against Google? That and much more, we will find out in our interview with the inventor of microG, Marvin Wißfeld.
👉🏼 👉🏼 Read more:
https://tarnkappe.info/microg-android-almost-without-google-our-interview-with-the-developer/
#interview #microG #android #google #DeleteGoogle #Marvin
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN
Netanyahu's party exposes data on over 6.4 million Israelis
The app's website exposed a link to an API endpoint that was left without a password, allowing third-parties to obtain passwords for admin accounts.
A misconfiguration in an election day app developed by Likud, the party of Israeli prime minister Benjamin Netanyahu, may have potentially exposed and compromised the personal details of almost 6,5 million Israeli citizens.
The leak was discovered and detailed today by Ran Bar-Zik, an Israeli-born frontend developer for Verizon Media.
It is unclear if the exposed server and data was harvested by unauthorized parties before Bar-Zik's discovery and public disclosure. Local Israeli media like Haaretz, Calcalist, and Ynet confirmed Bar-Zik's findings.
👉🏼 Read more:
https://www.zdnet.com/article/netanyahus-party-exposes-data-on-over-6-4-million-israelis/
#leak #Israel #Netanyahu #Likud #compromised
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN
The app's website exposed a link to an API endpoint that was left without a password, allowing third-parties to obtain passwords for admin accounts.
A misconfiguration in an election day app developed by Likud, the party of Israeli prime minister Benjamin Netanyahu, may have potentially exposed and compromised the personal details of almost 6,5 million Israeli citizens.
The leak was discovered and detailed today by Ran Bar-Zik, an Israeli-born frontend developer for Verizon Media.
It is unclear if the exposed server and data was harvested by unauthorized parties before Bar-Zik's discovery and public disclosure. Local Israeli media like Haaretz, Calcalist, and Ynet confirmed Bar-Zik's findings.
👉🏼 Read more:
https://www.zdnet.com/article/netanyahus-party-exposes-data-on-over-6-4-million-israelis/
#leak #Israel #Netanyahu #Likud #compromised
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN
The intelligence coup of the century’
For decades, the CIA read the encrypted communications of allies and adversaries.
For more than half a century, governments all over the world trusted a single company to keep the communications of their spies, soldiers and diplomats secret.
The company, Crypto AG, got its first break with a contract to build code-making machines for U.S. troops during World War II. Flush with cash, it became a dominant maker of encryption devices for decades, navigating waves of technology from mechanical gears to electronic circuits and, finally, silicon chips and software.
The Swiss firm made millions of dollars selling equipment to more than 120 countries well into the 21st century. Its clients included Iran, military juntas in Latin America, nuclear rivals India and Pakistan, and even the Vatican.
But what none of its customers ever knew was that Crypto AG was secretly owned by the CIA in a highly classified partnership with West German intelligence. These spy agencies rigged the company’s devices so they could easily break the codes that countries used to send encrypted messages.
The decades-long arrangement, among the most closely guarded secrets of the Cold War, is laid bare in a classified, comprehensive CIA history of the operation obtained by The Washington Post and ZDF, a German public broadcaster, in a joint reporting project.
👉🏼 Read more:
https://www.washingtonpost.com/graphics/2020/world/national-security/cia-crypto-encryption-machines-espionage/?itid=hp_hp-top-table-main_crypto-730am%3Ahomepage%2Fstory-ans
👉🏼 In German:
https://www.zdf.de/politik/frontal-21
#CIA #BND #USA #Germany #spionage #cryptoAG #thinkabout #why
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN
For decades, the CIA read the encrypted communications of allies and adversaries.
For more than half a century, governments all over the world trusted a single company to keep the communications of their spies, soldiers and diplomats secret.
The company, Crypto AG, got its first break with a contract to build code-making machines for U.S. troops during World War II. Flush with cash, it became a dominant maker of encryption devices for decades, navigating waves of technology from mechanical gears to electronic circuits and, finally, silicon chips and software.
The Swiss firm made millions of dollars selling equipment to more than 120 countries well into the 21st century. Its clients included Iran, military juntas in Latin America, nuclear rivals India and Pakistan, and even the Vatican.
But what none of its customers ever knew was that Crypto AG was secretly owned by the CIA in a highly classified partnership with West German intelligence. These spy agencies rigged the company’s devices so they could easily break the codes that countries used to send encrypted messages.
The decades-long arrangement, among the most closely guarded secrets of the Cold War, is laid bare in a classified, comprehensive CIA history of the operation obtained by The Washington Post and ZDF, a German public broadcaster, in a joint reporting project.
👉🏼 Read more:
https://www.washingtonpost.com/graphics/2020/world/national-security/cia-crypto-encryption-machines-espionage/?itid=hp_hp-top-table-main_crypto-730am%3Ahomepage%2Fstory-ans
👉🏼 In German:
https://www.zdf.de/politik/frontal-21
#CIA #BND #USA #Germany #spionage #cryptoAG #thinkabout #why
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN
U.S. Officials Say Huawei Can Covertly Access Telecom Networks
Trump administration ramps up push for allies to block Chinese company
U.S. officials say Huawei Technologies Co. can covertly access mobile-phone networks around the world through “back doors” designed for use by law enforcement, as Washington tries to persuade allies to exclude the Chinese company from their networks.
Intelligence shows Huawei has had this secret capability for more than a decade, U.S. officials said. Huawei rejected the allegations.
The U.S. kept the intelligence highly classified until late last year, when American officials provided details to allies including the U.K. and Germany, according to officials from the three countries. That was a tactical turnabout by the U.S., which in the past had argued that it didn’t need to produce hard evidence of the threat it says Huawei poses to nations’ security.
👉🏼 Read more:
https://www.wsj.com/articles/u-s-officials-say-huawei-can-covertly-access-telecom-networks-11581452256
#huawei #usa #backdoors
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN
Trump administration ramps up push for allies to block Chinese company
U.S. officials say Huawei Technologies Co. can covertly access mobile-phone networks around the world through “back doors” designed for use by law enforcement, as Washington tries to persuade allies to exclude the Chinese company from their networks.
Intelligence shows Huawei has had this secret capability for more than a decade, U.S. officials said. Huawei rejected the allegations.
The U.S. kept the intelligence highly classified until late last year, when American officials provided details to allies including the U.K. and Germany, according to officials from the three countries. That was a tactical turnabout by the U.S., which in the past had argued that it didn’t need to produce hard evidence of the threat it says Huawei poses to nations’ security.
👉🏼 Read more:
https://www.wsj.com/articles/u-s-officials-say-huawei-can-covertly-access-telecom-networks-11581452256
#huawei #usa #backdoors
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN
Report: 1,000s of Plastic Surgery Patients Exposed in Massive Data Leak
Led by Noam Rotem and Ran Locar, vpnMentor’s research team recently discovered a breached database belonging to plastic surgery technology company NextMotion.
NextMotion provides clinics working in dermatology, cosmetic, and plastic surgery with digital photography and video devices for their patients.
The compromised database contained 100,000s of profile images of patients, uploaded via NextMotion’s proprietary software. These were highly sensitive, including images of patients’ faces and specific areas of their bodies being treated.
This breach made NextMotion, its clients, and their patients incredibly vulnerable and represented a significant lapse in the company’s data privacy policies.
Timeline of Discovery and Owner Reaction
Sometimes, the extent of a data breach and the owner of the data are obvious, and the issue quickly resolved. But rare are these times. Most often, we need days of investigation before we understand what’s at stake or who’s leaking the data.
Understanding a breach and its potential impact takes careful attention and time. We work hard to publish accurate and trustworthy reports, ensuring everybody who reads them understands their seriousness.
Some affected parties deny the facts, disregarding our research, or playing down its impact. So, we need to be thorough and make sure everything we find is correct and accurate.
In this case, the database was named after the company, so we quickly identified NextMotion as the potential owner. We investigated further to ensure this was correct before moving forward.
Read more:
https://www.vpnmentor.com/blog/report-nextmotion-leak/
#leak #breach #nextmotion
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN
Led by Noam Rotem and Ran Locar, vpnMentor’s research team recently discovered a breached database belonging to plastic surgery technology company NextMotion.
NextMotion provides clinics working in dermatology, cosmetic, and plastic surgery with digital photography and video devices for their patients.
The compromised database contained 100,000s of profile images of patients, uploaded via NextMotion’s proprietary software. These were highly sensitive, including images of patients’ faces and specific areas of their bodies being treated.
This breach made NextMotion, its clients, and their patients incredibly vulnerable and represented a significant lapse in the company’s data privacy policies.
Timeline of Discovery and Owner Reaction
Sometimes, the extent of a data breach and the owner of the data are obvious, and the issue quickly resolved. But rare are these times. Most often, we need days of investigation before we understand what’s at stake or who’s leaking the data.
Understanding a breach and its potential impact takes careful attention and time. We work hard to publish accurate and trustworthy reports, ensuring everybody who reads them understands their seriousness.
Some affected parties deny the facts, disregarding our research, or playing down its impact. So, we need to be thorough and make sure everything we find is correct and accurate.
In this case, the database was named after the company, so we quickly identified NextMotion as the potential owner. We investigated further to ensure this was correct before moving forward.
Read more:
https://www.vpnmentor.com/blog/report-nextmotion-leak/
#leak #breach #nextmotion
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN
Forwarded from #Wikileaks
Why Did Twitter Just "Lockdown" WikiLeaks Account? https://www.zerohedge.com/technology/why-did-twitter-just-lockdown-wikileaks-account … The Extradition Hearing on whether to send Julian Assange to an American Gulag starts on February 24. #FreeAssange http://dlvr.it/RQDWb2 #WikiLeaks 🆘 @saveAssange via Twitter
Zerohedge
Zerohedge
ZeroHedge - On a long enough timeline, the survival rate for everyone drops to zero
Forwarded from NoGoolag
Warning about Smali Patcher issued in public interest
Smali patcher was released a while ago, and it seemed to be a very useful tool (despite it being windows only) as it would automagically pull, deodex, patch and push sigspoof to your connected phone. Even more so since no other sigspoof patcher seems to support Q yet.
But a little research before I went to ask the "developer" to open source it revealed these posts in the thread:
- https://forum.xda-developers.com/showpost.php?p=78958124
-> f0mey (OP of thread) admitting that they don't know anything of the source code and probably don't even have access to it
- https://forum.xda-developers.com/showpost.php?p=80287799
- https://forum.xda-developers.com/showpost.php?p=80287989
- https://forum.xda-developers.com/showpost.php?p=80292041
-> A user complaining that the executable recieves incoming connections from arbitrary IPs, and f0mey nonchalantly saying that they have no idea what that is and it's probably nothing. Further down the thread, f0mey notes the IP seems to be from Russia, still confident that nothing is wrong.
Conclusion:
Still no proof that Smali Patcher does anything malicious, but a pretty big concern.
Also, its real origin is still unknown. Perhaps 4pda?
@NoGoolag
#smalipatcher #sigspoof #smali
Smali patcher was released a while ago, and it seemed to be a very useful tool (despite it being windows only) as it would automagically pull, deodex, patch and push sigspoof to your connected phone. Even more so since no other sigspoof patcher seems to support Q yet.
But a little research before I went to ask the "developer" to open source it revealed these posts in the thread:
- https://forum.xda-developers.com/showpost.php?p=78958124
-> f0mey (OP of thread) admitting that they don't know anything of the source code and probably don't even have access to it
- https://forum.xda-developers.com/showpost.php?p=80287799
- https://forum.xda-developers.com/showpost.php?p=80287989
- https://forum.xda-developers.com/showpost.php?p=80292041
-> A user complaining that the executable recieves incoming connections from arbitrary IPs, and f0mey nonchalantly saying that they have no idea what that is and it's probably nothing. Further down the thread, f0mey notes the IP seems to be from Russia, still confident that nothing is wrong.
Conclusion:
Still no proof that Smali Patcher does anything malicious, but a pretty big concern.
Also, its real origin is still unknown. Perhaps 4pda?
@NoGoolag
#smalipatcher #sigspoof #smali
Raid on Amazon in Austria
The financial police seal off a warehouse to check the chauffeurs of the delivery vans. In a short time, dozens of violations are discovered.
Amazon Austria had to tolerate a raid on Tuesday in the presence of a journalist of all people. Amazon was hosting a reporter from the daily newspaper Die Presse on a tour of a distribution centre in Lower Austria when suddenly more than 60 officers of the financial police were on the mat. Their suspicion of dummy companies and illicit work was not directed directly against Amazon, but rather against its subcontractors for delivery trips.
The authorities occupied all entrances and exits of the Amazon distribution centre in Großrebersdorf and checked all chauffeurs for two hours. As reported by the Austrian Broadcasting Corporation, 174 employees of no less than 36 companies were treated by the authorities.
https://noe.orf.at/stories/3035248/
read more (german):
https://www.heise.de/newsticker/meldung/Razzia-bei-Amazon-in-Oesterreich-4663663.html
read in english:
https://www.en24.news/A/2020/02/financial-raid-on-amazon-austria-economy.html
#DeleteAmazon #raid #austria
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN
The financial police seal off a warehouse to check the chauffeurs of the delivery vans. In a short time, dozens of violations are discovered.
Amazon Austria had to tolerate a raid on Tuesday in the presence of a journalist of all people. Amazon was hosting a reporter from the daily newspaper Die Presse on a tour of a distribution centre in Lower Austria when suddenly more than 60 officers of the financial police were on the mat. Their suspicion of dummy companies and illicit work was not directed directly against Amazon, but rather against its subcontractors for delivery trips.
The authorities occupied all entrances and exits of the Amazon distribution centre in Großrebersdorf and checked all chauffeurs for two hours. As reported by the Austrian Broadcasting Corporation, 174 employees of no less than 36 companies were treated by the authorities.
https://noe.orf.at/stories/3035248/
read more (german):
https://www.heise.de/newsticker/meldung/Razzia-bei-Amazon-in-Oesterreich-4663663.html
read in english:
https://www.en24.news/A/2020/02/financial-raid-on-amazon-austria-economy.html
#DeleteAmazon #raid #austria
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN
Trump offered to pardon Assange if he covered up Russian interference in US election, court told
Wikileaks founder has evidence of visit from Republican congressman to Ecuadorian embassy allegedly on president’s behalf
Donald Trump offered to pardon Julian Assange if he covered up Russia’s interference in the 2016 US election, a court has heard.
The explosive claim – which could have profound consequences for Mr Trump’s re-election effort if proven true – emerged as Assange, 48, appeared at Westminster Magistrates’ Court ahead of a hearing next week about his possible extradition to the US.
Assange’s barrister highlighted evidence that former US Republican congressman Dana Rohrabacher had been to see Assange in the Ecuadorian embassy in August 2017, in the early days of Robert Mueller’s probe into Russian interference in the previous election.
Edward Fitzgerald QC said a statement from Assange’s lawyer Jennifer Robinson shows “Mr Rohrabacher going to see Mr Assange and saying, on instructions from the president, he was offering a pardon or some other way out, if Mr Assange ... said Russia had nothing to do with the DNC leaks”.
A series of emails embarrassing for the Democrats and the Hillary Clinton presidential campaign were hacked before being published by WikiLeaks in the run-up to the 2016 election.
Read more:
https://www.independent.co.uk/news/world/americas/us-election/trump-julian-assange-wikileaks-pardon-russia-us-election-court-a9345081.html
#FreeAssange #USA #Trump #Russia
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN
Wikileaks founder has evidence of visit from Republican congressman to Ecuadorian embassy allegedly on president’s behalf
Donald Trump offered to pardon Julian Assange if he covered up Russia’s interference in the 2016 US election, a court has heard.
The explosive claim – which could have profound consequences for Mr Trump’s re-election effort if proven true – emerged as Assange, 48, appeared at Westminster Magistrates’ Court ahead of a hearing next week about his possible extradition to the US.
Assange’s barrister highlighted evidence that former US Republican congressman Dana Rohrabacher had been to see Assange in the Ecuadorian embassy in August 2017, in the early days of Robert Mueller’s probe into Russian interference in the previous election.
Edward Fitzgerald QC said a statement from Assange’s lawyer Jennifer Robinson shows “Mr Rohrabacher going to see Mr Assange and saying, on instructions from the president, he was offering a pardon or some other way out, if Mr Assange ... said Russia had nothing to do with the DNC leaks”.
A series of emails embarrassing for the Democrats and the Hillary Clinton presidential campaign were hacked before being published by WikiLeaks in the run-up to the 2016 election.
Read more:
https://www.independent.co.uk/news/world/americas/us-election/trump-julian-assange-wikileaks-pardon-russia-us-election-court-a9345081.html
#FreeAssange #USA #Trump #Russia
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN