Bringing Starchild Down to Earth: Soraka SDK

The White Ops Threat Intelligence team recently identified 100+ malicious apps, with more than 4.6 million downloads, performing ad fraud. All of the apps use a common code package White Ops has dubbed “Soraka” (com.android.sorakalibrary.*):

In addition to the Soraka code package, we also discovered, in some of the apps, a variant with similar functionality which we dubbed “Sogo” (com.android.sogolibrary.*):

https://www.whiteops.com/blog/bringing-starchild-down-to-earth-soraka-sdk

📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@NoGoolag

The story of how surveillance capitalism is killing web.

👁 New York Times was able to track President Trump's movements by combining leaked location data with public information, showing the ease which which cell phone location data can be turned into a spying tool ❗️

➖Times Privacy Project got the data from anonymous whistleblowers concerned about this vulnerability and a lack of regulations ❗️Dataset of >50 billion location pings from the phones of >12 million people in this country. It was a random sample from 2016 and 2017, but it took only minutes, with assistance from publicly available information to deanonymize location data and track the whereabouts of President
➖NYT said result being tracking and identifying people as easy. And there is no regulation to stop the exchange of sych data between different parties and companies for profit❗️
➖“Tech companies are profiting by spying on Americans.. report is another alarming case for why we need to break up big tech, adopt serious privacy regulations and hold top executives of these companies personally responsible.” Senator Elizabeth Warren, a Democrat running for president, told NYT
➖“Location tracking data of individuals can be used to facilitate reconnaissance, recruitment, social engineering, extortion and in worst-case scenarios, things like kidnapping and assassination,” warned a cybersecurity expert

💡The sources who provided the trove of location information to Times Opinion did so to press for regulation and increased scrutiny of the location data market. So far, Washington has done virtually nothing to address the threats, and location data companies have every reason to keep refining their tracking, sucking up more data and selling it to the highest bidders.

🌐 Read - a #GoodRead with good infographics
#Tracking #Location #Datamining

🌐Stop using Google/Other location data malware. Go NoGapps

💡Edward Snowden: How Your Cell Phone Spies on You

Timestamps:
1. Network data collection
2. App data collection
3. Importance of Firewall & Permissions on per app bases
4. Buying device & still not owning it
5. Third party doctrine, loophole to prove your data is no yours👌

💡"The scandal isn't how they're breaking the law, the scandal is that they don't have to break the law"

🎥 WATCH -YT
🎥 WATCH - Invidio
🎥 Watch Source
#GoodShare #DataMining #Surveillance

🚀 Adopt Android Privacy > Go NoGapps

The tech giants are about to declare satellite war on the traditional telecoms operators

https://medium.com/enrique-dans/the-tech-giants-are-about-to-declare-satellite-war-on-the-traditional-telecoms-operators-8050ff7b49ab


#isp #telecom #satellite

microG: Android (almost) without Google - Interview with the developer, please submit Your questions!

👉🏽 Read the full article in English:
https://tarnkappe.info/microg-android-without-google-an-interview-with-the-developer/

👉🏽 Submit your questions in English:
https://tarnkappe-forum.info/t/microg-android-without-google-an-interview-with-the-developer/2933

👉🏽 Read the full article in German:
https://tarnkappe.info/microg-android-ohne-google-ein-interview-mit-dem-entwickler/

👉🏽 Submit your questions in German:
https://tarnkappe-forum.info/t/microg-android-ohne-google-ein-interview-mit-dem-entwickler/2934/8

👉🏽 For all Telegram users, whether German or English, there is the option to ask your questions here:
https://news.1rj.ru/str/joinchat/Ev2mTVbTsZQ0QcpnIQ3fWA

👉🏽 Or here: @NoGoolag

Please mark your questions in them Telegram Groups with #question

And please send us your questions to the developer until December 31st. As always, we can’t accept any questions after that date.

📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv

YalpStore Contemporary

Hey all !

I compiled YalpStore with my dispensers and new anonymous login method on demand of some fellow mates.
Will send the binaries here, in case anyone needs it.

Notes:
0. Only Anonymous login is fixed.
1. Its signed by my keystore, so need to do a clean install.
2. I have no plans to submit it on FDroid or anywhere else.
3. I have pushed the changes on my github, anyone interested can build.
4. Also if you have contacts with the legendary Yalp dev, let me know will talk to him and do a PR if he agrees to merge.

Source : https://github.com/whyorean/YalpStore


#yalp #aurora

#Changelog : 0.47

1. Allow clearText traffic on Android N and above.

All my dispensers are using http, so this change would allow using them.

· independent Journalism needs our support — explained by: Abby Martin, Yanis Varoufakis, Jill Stein & Peter Kuznick - #media #politics #democracy
invidio.us/a2PJ6b__nXs

Become a patron of @acTVism! Patreon.com/acTVism

#Changelog : 3.1.6 Beta

1. UI Overhaul
2. Fixed accounts issues
3. Fixed search issues
4. Fixed other major bugs

This is a beta, I may have forgot few things to fix and may have added new bugs, as I haven't got time enough time to code it on a single stretch.

Kindly report the bugs if you find any.

Digital Privacy at the U.S. Border: Protecting the Data On Your Devices

https://www.eff.org/wp/digital-privacy-us-border-2017


#travel #usa #border #tsa #security #privacy #guide

LibreOffice 6.4 nearly done as open-source office software project prepares for 10th anniversary

A decade later, has LibreOffice succeeded? With business still hooked on Microsoft Office, not really

The LibreOffice team is testing the first release candidate of version 6.4, which is set for release at the end of January.

What's new in version 6.4? There are numerous fresh features; most are small, but they do include the ability to insert QR codes into any document. The Generate QR Code feature lets you enter a hyperlink (or any text) and generate a QR code with four options for complexity. A low complexity is better for long URLs while high has better error correction if there are errors in reading.

https://www.theregister.co.uk/2019/12/24/libreoffice_64_nearly_done_as_project_prepares_for_10th_anniversary/

Read Via Telegram

📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@NoGoolag

Daily feed of bad IPs (with blacklist hit scores)

IPsum is a threat intelligence feed based on 30+ different publicly available lists of suspicious and/or malicious IP addresses. All lists are automatically retrieved and parsed on a daily (24h) basis and the final result is pushed to this repository. List is made of IP addresses together with a total number of (black)list occurrence (for each). Greater the number, lesser the chance of false positive detection and/or dropping in (inbound) monitored traffic. Also, list is sorted from most (problematic) to least occurent IP addresses.

💡 As an example, to get a fresh and ready-to-deploy auto-ban list of "bad IPs" that appear on at least 3 (black)lists you can run:

curl --compressed https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1

💡 If you want to try it with ipset, you can do the following:

sudo su
apt-get -qq install iptables ipset
ipset -q flush ipsum
ipset -q create ipsum hash:net
for ip in $(curl --compressed https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1); do ipset add ipsum $ip; done
iptables -I INPUT -m set --match-set ipsum src -j DROP

In directory levels you can find preprocessed raw IP lists based on number of blacklist occurrences (e.g. levels/3.txt holds IP addresses that can be found on 3 or more blacklists).

https://github.com/stamparm/ipsum

#IPsum #tool #guide
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv

OnlyOffice Community Server: open-source collaboration projects
Article, Comments

Live streaming from the 36th Chaos Communication Congress

Every year at the end of December, not only Christmas but also the Chaos Communication Congress is on our schedule. Under the motto "Resource Exhaustion", several thousand hackers meet again in Leipzig between the years.

📺 Livestream:
https://streaming.media.ccc.de/36c3/

💡 Schedule overview:
https://fahrplan.events.ccc.de/congress/2019/Fahrplan/

#CCC #36C3 #Streaming #Video
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv

CCC analyses Munich's state trojan FinSpy

The technical #analysis of copies of the #FinSpy #malware substantiates the reasons for the criminal complaint against the Munich manufacturer of the #StateTrojan. The #CCC publishes its report as well as several variants of FinSpy and a complete documentation of the analysis.

#Security researchers of the Chaos Computer Club (CCC) have analyzed a total of 28 copies of the #spy-#software FinSpy for #Android from 2012 to 2019. The main focus of the investigation was the origin of the malware and the date of its production. The reason for the investigation is the criminal complaint of the Gesellschaft für Freiheitsrechte (GFF) and other organizations against the German group of companies #FinFisher because of the deliberate violation of licensing requirements for dual-use software according to § 18 para. 2 No. 1 and § 18 para. 5 No. 1 Foreign Trade Act (AWG).

The CCC today publishes its comprehensive report: Evolution of a private sector malware for governmental players

💡 The result of the analysis is that a copy of malware, which according to the GFF was used against the Turkish opposition movement in 2016, was clearly created after the EU export control regulations for surveillance software came into force.

💡 By comparing it with over twenty other copies from a seven-year period, the CCC shows continuity in the further development into which this copy fits. This is seen as a strong indication that it is a variant of the state Trojan "FinSpy". FinSpy is a product of the FinFisher group of companies, which has branches in Munich and elsewhere.

💡 In its report, the CCC also documents references to German-speaking developers that can be found in the source code.

"Our analysis shows that surveillance software originally from Germany was apparently used against democratic dissidents," said Linus Neumann, one of the authors of the analysis. "How this could have come about, the public prosecutor's office and the customs criminal office must now clarify."

https://github.com/linuzifer/FinSpy-Dokumentation

https://github.com/devio/FinSpy-Tools

👉🏼 Read more:
https://www.ccc.de/de/updates/2019/finspy

📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv

YouTube Stars Once Stole Social Security Benefits

20-somethings ripped off people old enough to be their grandparents

Still in their 20s, the Florida couple enjoyed the good life: exotic getaways, a spacious home in Palm Beach County and a silver Bentley.

They invited the world into their lives by frequently posting videos on YouTube and other online platforms.

On camera they staged pranks, flaunted possessions — their son drives a toy Porsche — and laid family squabbles bare. In a segment called “Things We Hate About Each Other!” he revealed she picks her nose.

https://www.aarp.org/money/scams-fraud/info-2019/florida-social-security-fraud.html

📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@NoGoolag

Mozilla Adds Additional DNS-Over-HTTPS Provider to Firefox

Mozilla has added an additional DNS provider to its DNS-Over-HTTPS implementation in Firefox. This gives Firefox users more options as to which DoH provider they use for secure DNS lookups.

When Mozilla announced that they would be testing the DoH implementation solely with Cloudflare DNS servers, users were concerned that using a single provider decreased user's privacy and gave that provider too much data about Firefox's users.

https://www.bleepingcomputer.com/news/software/mozilla-adds-additional-dns-over-https-provider-to-firefox/

Read Via Telegram

📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@NoGoolag

Deezer music downloaders

Open source Deezer music downloader apps. Download the whole catalog of Deezer in .mp3 or .flac in Linux / Windows / Mac / Android.

ANDROID APPS:

AIDS Awful, Irritable Deezer Scraper
📱 @NickHasAIDS
💬 @AIDSSociety


📱 Deezloader Remix Mobile Releases
@deezloaderremixmobile
or
https://gitlab.com/Nick80835/DeezLoader-Android/tree/master/Release

🗿 Deezloader Mobile Beta Releases
@deezloaderremixmobilebeta

FAQ: @DeezloaderFAQ

English Group: https://news.1rj.ru/str/joinchat/Ed1JxEfoci8sv2dVwTUQ3A
Grupo Hispano: https://news.1rj.ru/str/joinchat/PvQmO0n3_BxD_1DPWB4zGQ
Grupo Português: @DeezloaderPT


PC:

🖥 Deezloader Remix Windows/MAC/Linux Releases
@deezloaderremix
or
https://notabug.org/RemixDevs/DeezloaderRemix/wiki/Downloads
🗨 Official Support for Windows/MAC/Linux
@DeezloaderRemixCommunity
📰 News
@RemixDevs


NOTES:

Start DeezLoader and click on "OPEN DEEZLOADER HERE".

If you have just updated your app, we advise you to reverify that your configuration has not changed (eg at each launch please reselect "FLAC 1411" in Settings instead of "MP3 320" by default).

Configuration:
Click on the top right of the Deezloader application, go to settings
Artwork size "1400x1400"
Audio Bitrate "FLAC 1411"
Further down tick all the boxes and then click on "Save".

To find the noscripts you have just downloaded, go to the internal storage of your mobile My files> Internal storage> Music> Deezloader.
You can also change the location by going to the Deezloader Settings.

To listen to your mp3 or FLAC from your mobile / tablet / box running Android you can try with music players like Vinyl, Vanilla, AIMP...


📡 @Libreware
#deezloader #deezer #music #android