Exploitation of LAN vulnerability found in Firefox for Android (PoC)

I tested this PoC exploit on 3 devices on same wifi, it worked pretty well.

I was able to open custom URL on every smartphone using vulnerable Firefox (68.11.0 and below)

👀 👉🏼 https://twitter.com/LukasStefanko/status/1307013106615418883

👀 👉🏼 Firefox for Android LAN-Based Intent Triggering:
https://gitlab.com/gitlab-com/gl-security/security-operations/gl-redteam/red-team-tech-notes/-/tree/master/firefox-android-2020

#android #security #exploit #firefox #LAN #vulnerability #poc
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

A Threat Actor is selling several databases from various companies worldwide including 3 from the Financial sector:

- Indonesia 🇮🇩 - 2,9 million records
- Mexico 🇲🇽 - 4,7 million records
- USA 🇺🇸 - 2,2 million records

👀 👉🏼 The Threat Actor shared samples for each DB.
https://nitter.net/Bank_Security/status/1306964926041403393

#hacker #hack #breach #database #worldwide #indonesia #uk #mexico #usa #india #thailand
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

We Are All Algorithms Now - Is that what's really destroying the legitimacy of our democracy?

I’ve never felt this way about an election before. For my entire adult life, campaigns could be exhilarating, tedious, crowded with incident or laden with foreboding, but you always felt that, at some point, there would be a resolution. The votes would be counted; the exit polls parsed; a decision made; and both sides would respect it. The one time that didn’t happen — in 2000 — I felt for the first time an inkling of what I feel in every part of my psyche now: a sense that the system itself was buckling.

👉🏼 ..(..)...
And the reason this dystopian scenario is so credible is not just the fault of these political actors. It’s ours too — thanks to the impact of social media. I think we’ve under-estimated just how deep the psychological damage has been in the Trump era — rewiring the minds of everyone, including your faithful correspondent, in ways that make democratic discourse harder and harder and harder to model. The new Netflix documentary, The Social Dilemma, is, for that reason, a true must-watch. It doesn’t say anything shockingly new, but it persuasively weaves together a whole bunch of points to reveal just how deeply and thoroughly fucked we are. Seriously, take a look.

👉🏼 ..(..)..
For #Facebook and #Google and #Instagram and #Twitter, the business goal quickly became maximizing and monetizing human attention via #addictive #dopamine hits. Attention, they meticulously found, is correlated with emotional intensity, outrage, shock and provocation. Give artificial intelligence this simple knowledge about what distracts and compels humans, let the algorithms do their work, and the profits snowball. The cumulative effect — and it’s always in the same incendiary direction — is mass detachment from reality, and immersion in tribal fever.

👀 👉🏼 https://andrewsullivan.substack.com/p/we-are-all-algorithms-now

👀👇🏼 "Dopamine": Miniseries about the addiction mechanisms of Tinder, Facebook and Co. 👇🏼

"They'll do anything to make you an addict," they say about #Tinder, #Facebook, #CandyCrush, #Instagram, #YouTube, #Snapchat, #Uber and #Twitter in the miniseries of #Arte. Eight episodes explain in detail which mechanisms are triggered in our brain to keep us engaged

📺 👉🏼 https://t.me/BlackBox_Archiv/833 👈🏼 📺

#surveillance #capitalism #SocialDilemma #dystopian #democracy #thinkabout #why
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Surveilling the surveillers - About military RF communication surveillance and other activist art & technology projects

This talk will present relevant works in this field and will draw connections between critical art and regulatory power, warfare, surveillance, electronic waste, electronic self-defense and the re-appropriation of architectural and technological artifacts in militant ways.

💡 👇🏼 🇩🇪 🇬🇧 🇫🇷 These file here contains multiple languages.
https://media.ccc.de/v/33c3-7978-surveilling_the_surveillers#t=70

#surveilling #surveillers #33c3 #ccc #video
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Bitwarden leaks passwords to other subdomains

Today I was on a domain that should only be available via BasicAuth. Then I was really scared when I did not have to login. Even in incognito mode the page was visible without login. Is my BasicAuth broken? Turns out: No, but @Bitwarden has automatically logged in for me.

👀 👉🏼 https://nitter.net/RitzmannMarkus/status/1307614248835731456

#bitwarden #leak #password #subdomains
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

How money is laundered through New York banks

An ICIJ investigation reveals the role of global banks in industrial-scale money laundering — and the bloodshed and suffering that flow in its wake.

The FinCEN Files show trillions in tainted dollars flow freely through major banks, swamping a broken enforcement system.

📺 👉🏼 https://www.icij.org/investigations/fincen-files/

#investigation #FinCEN #money #laundering #video #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Fair Code vs Open Source, Which Wins The Future?

Fair code is a new software development model which aims to replace the long-ruling open source model. Fair code authors argue that open source software lack a critical point in terms of commercial usage of the software, and hence, introduced their initiative to fix it.

What is Fair Code?

When developers release their software as open source, they are also giving a by-definition right to every company in the world to commercially use their software without having to obtain a license or share some profits with them. And this caused some problems in the open source world few years ago. For example, Amazon took the MongoDB source code (An open source database system), changed its name and then provided it as a SaaS (Software-as-a-Service) on its AWS platform, and then charged people money to use it. MongoDB developers were angered since they literally got nothing back from Amazon although they are the original creators of 100% of the code.

👀 👉🏼 https://fosspost.org/fair-code-open-source/

#foss #faircode #OpenSource #future #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Did Russian Spies Use Diplomatic Cover to Run a Global Cocaine-Smuggling Operation?

Six men await trial in Moscow and Buenos Aires, charged with operating one of the craziest, most ambitious narco-trafficking rings in history. Russia’s embassy in Argentina was the storage depot and Russian government transport was intended to move a cartel-sized consignment of virtually uncut cocaine from South America to Moscow.

It was a transnational crime that astounded and confused the world, not least because authorities allege it was carried out by a small but resourceful cabal including one dirty embassy employee, one corrupt cop, and one charismatic chameleon who used some of the most secure Russian state real estate to store and smuggle $60 million worth of drugs.

According to the official narrative, they did it all right under the noses of innocent diplomats and intelligence officers—and they would have gotten away with it without the plucky joint police work of Russian and Argentinian law enforcement. But what if that neat conclusion, which will soon be presented in court, is intentionally incomplete, a whitewash designed to protect more senior officials in the Russian government?

👀 👉🏼 https://www.thedailybeast.com/was-andrei-kovalchuk-and-the-russian-embassy-in-argentina-at-the-center-of-a-russian-spy-cocaine-ring

#russia #argentina #embassy #spy #drugs #cocaine #smuggling #whitewash #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

The KGB Experience - How to Catch a Spy who Uses Numbers Stations?

Introduction

From 2019 onwards the Latvian National Archive offers access to various KGB documents. The author had already previously shown the very detailed efforts of the Latvian KGB counterintelligence to monitor and study the CIA and BND numbers stations broadcasts, or what they called – “one directional communications”.[1] These are one of the most definitive archival sources which prove that foreign intelligence actively used shortwave in the USSR and that the KGB was aware of it. The documents showed that the KGB had monitored these broadcasts from at least 1978, but the files spoke very vaguely if the monitoring effort led to any apprehension and capture of a foreign agent. We, however, know that there were such cases like Alexander Ogorodnik[2], and others where the use of shortwave signals was determined.

👀 👉🏼 https://www.numbers-stations.com/how-to-catch-a-spy-who-uses-numbers-stations-the-kgb-experience/

#russia #kgb #spy #numbersstations #research
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Yandex - no longer to be found in Turkey

The "Russian Google" is withdrawing from the country. It is apparently reacting to new Turkish laws which, according to critics, are intended to control government opponents on the Internet.

The Russian Internet provider Yandex is apparently withdrawing from Turkey. As the Turkish business site Marketing Türkiye reports, the digital giant, which is considered the Russian answer to Google, will close its Istanbul office. An official confirmation from Yandex is still pending. Turkish media, however, reported that the company will close its office on October 1, lay off employees and conduct business in Turkey from Russia.

The Russian company is thus likely to react to the new Turkish digital legislation, which will come into force in the fall and will force providers of digital services to control the use of Internet platforms much more than before. According to the new law, platforms with more than one million users in the country will have to register with their own branch. They are thus subject to Turkish law and are liable. At the same time they will be forced to register the identities of their users. In addition, platform operators are to be forced to delete postings that are classified as untrue or offensive.

👀 👉🏼 🇩🇪 Translated with DeepL:
https://www.sueddeutsche.de/digital/yandex-tuerkei-erdogan-1.5038746

#yandex #russia #turkey #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Microsoft acquires game publisher Bethesda Softworks for $7.5 billion

Microsoft is continuing to add firepower to its gaming unit. Its latest move: Spending $7.5 billion for the creator of The Elder Scrolls, Fallout, Doom and other key franchises.

Microsoft is continuing to beef up its gaming franchise with the purchase of ZeniMax Media, the parent company of Bethesda Softworks, for $7.5 billion in cash. Bethesda is a major game publisher and creator of The Elder Scrolls, Fallout, Wolfenstein, Doom and other key franchises.

For a sense of perspective, Microsoft also paid $7.5 billion for GitHub in 2018.

The move comes on September 21, a day before Microsoft is opening up preorders for its new gaming consoles, the Xbox One X and Xbox One S. (It's also the day before the start of its Ignite 2020 IT Pro conference.) Both of the new consoles will go on sale on November 10.

With the addition of Bethesda, Microsoft will grow its number of game studios from from 15 to 23. Plans are to add Bethesda's franchises to Xbox Game Pass, Microsoft's gaming subscription bundle. According to Microsoft, officials are planning to add Bethesda's future games into Xbox Game Pass the same day they launch on Xbox or PC.

Bethesda Softworks was founded 34 years ago and along with ZeniMax employs multiple thousands of people.

👀 👉🏼 https://news.microsoft.com/features/microsoft-to-acquire-zenimax-media-and-its-game-publisher-bethesda-softworks-for-7-5-billion/

👀 👉🏼 https://www.zdnet.com/article/microsoft-acquires-game-publisher-bethesda-softworks-for-7-5-billion

#microsoft #bethesda #ZeniMax
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

BigBrotherAwards 2020 - The Oscars for surveillance

Exciting, entertaining and easy to understand, the 'Oscars for Surveillance' (Le Monde) are awarded to the biggest data offenders of the last year. A jury of prominent civil rights activists annually awards this data protection negative prize to companies, organizations and politicians.

👉🏼 📺 🇩🇪 🇬🇧
https://media.ccc.de/v/bba20

💡 These file here contains multiple languages.
The file available for download contains all languages as separate audio-tracks.

#bba20 #surveillance #video #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Facebook Says it Will Stop Operating in Europe If Regulators Don’t Back Down

European regulators are cracking down on Facebook's ability to transfer data across the Atlantic. Now the tech giant is threatening to pull its services from more than 400 million European users.

CORK, Ireland — Facebook has threatened to pack up its toys and go home if European regulators don’t back down and let the social network get its own way.

In a court filing in Dublin, Facebook said that a decision by Ireland’s Data Protection Commission (DPC) would force the company to pull up stakes and leave the 410 million people who use Facebook and photo-sharing service Instagram in the lurch.

If the decision is upheld, “it is not clear to [Facebook] how, in those circumstances, it could continue to provide the Facebook and Instagram services in the EU,” Yvonne Cunnane, who is Facebook Ireland’s head of data protection and associate general counsel, wrote in a sworn affidavit.

The decision Facebook’s referring to is a preliminary order handed down last month to stop the transfer of data about European customers to servers in the U.S., over concerns about U.S. government surveillance of the data.

Facebook hit back by filing a lawsuit challenging the Irish DPC’s ban, and in a sworn affidavit filed this week, the company leveled some very serious accusations about the Irish data-protection commissioner, including a lack of fairness and apparent bias in singling out Facebook.

Cunnane points out that Facebook was given only three weeks to respond to the decision, a period that is “manifestly inadequate,” adding that Facebook wasn’t contacted about the inquiry prior to judgment being handed down.

She also raises concerns about the decision being made “solely” by Helen Dixon, Ireland’s data protection commissioner.

“The fact one person is responsible for the entire process is relevant to [Facebook’s] concerns, in respect of the inadequacy of the investigative process engaged in and independence of the ultimate decision-making process,” Cunnane wrote.

Cunnane also complains that Facebook is being singled out, noting no other big tech company using similar methods to transfer data to the U.S. from the EU is under the same scrutiny.

👀 👉🏼 https://www.vice.com/en_us/article/889pk3/facebook-threatens-to-pull-out-of-europe-if-it-doesnt-get-its-way

#fb #facebook #DeleteFacebook #usa #eu #ireland #data #regulators
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Brazil's data protection regulations sanctioned

But the country still lacks an agency to enforce the rules.

Brazil's General Data Protection Regulations (LGPD, in the Portuguese acronym) have been sanctioned by president Jair Bolsonaro on Friday (18), after nearly a month of uncertainty over the actual go-live date of the rules.

The latest development brings a change in relation to the implementation date of May 2021 proposed by the Brazilian Congress and means the regulations are already valid, with sanctions for non-compliance applicable from August 2021.

Among other things, the LGPD prohibits illicit or abusive processing of personal data from a specific person or a group to support business decisions - consumer data for the sale of goods or services, for example - public policies or the performance of a government agency. Sanctions for non-compliance range from warnings to daily fines of up to 50 million reais (USD 9.2 million), in addition to a partial or total suspension of activities related to data processing.

Despite the fact that the data protection rules have gone live in Brazil, the presidential sanction did not include any mention to the formation of the National Data Protection Authority (ANPD, in the Portuguese acronym), which will be tasked with enforcing the rules and is set to include members from industry, academia and national Internet governance bodies.

👀 👉🏼 https://www.zdnet.com/article/brazils-data-protection-regulations-sanctioned

#brazil #data #protection #regulations
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Democratizing and Decolonizing the Future - Grassroots Utopias from Indonesia

In this online podium discussion we will present the power of critical ideas and show examples of utopian futures in the making in Indonesia. The projects created by Indonesian hackers and makers use technology to solve one or more local problems, attempting to create more equitable and positive future for their communities. They will be streamed as they happen live: different projects from around Indonesia will show how they make social change happen.

📺 👉🏼 https://media.ccc.de/v/ds20-11322-democratizing_and_decolonizing_the_future

#ds20 #ccc #indonesia #utopias #democratizing #decolonizing #video
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

At the Math Olympiad, Computers Prepare to Go for the Gold

Computer scientists are trying to build an AI system that can win a gold medal at the world’s premier math competition.

The 61st International Mathematical Olympiad, or IMO, begins today. It may go down in history for at least two reasons: Due to the COVID-19 pandemic it’s the first time the event has been held remotely, and it may also be the last time that artificial intelligence doesn’t compete.

Indeed, researchers view the IMO as the ideal proving ground for machines designed to think like humans. If an AI system can excel here, it will have matched an important dimension of human cognition.

“The IMO, to me, represents the hardest class of problems that smart people can be taught to solve somewhat reliably,” said Daniel Selsam of Microsoft Research. Selsam is a founder of the IMO Grand Challenge, whose goal is to train an AI system to win a gold medal at the world’s premier math competition.

Since 1959, the IMO has brought together the best pre-college math students in the world. On each of the competition’s two days, participants have four and a half hours to answer three problems of increasing difficulty. They earn up to seven points per problem, and top scorers take home medals, just like at the Olympic Games. The most decorated IMO participants become legends in the mathematics community. Some have gone on to become superlative research mathematicians.

👀 👉🏼 https://www.quantamagazine.org/at-the-international-mathematical-olympiad-artificial-intelligence-prepares-to-go-for-the-gold-20200921/

#mathematical #olympiad #artificial #intelligence #ai #IMO
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

New York City police officer spied on fellow Tibetans for China, prosecutors charge

A New York City police officer who also serves in the U.S. Army Reserve was arrested Monday on a federal charges of acting as an illegal agent of China.

The police officer, Baimadajie Angwang, who was born in the autonomous region of Tibet in China, allegedly repeatedly reported to officials at the Chinese Consulate in New York on the activities of other ethnic Tibetans in the New York area.

A complaint said that Angwang "used his official position in the NYPD to provide [Chinese] Consulate officials access to senior NYPD officials through invitations to official NYPD events."

The 33-year-old cop, Baimadajie Angwang, who was born in the autonomous region of Tibet in China, allegedly reported to officials at the Chinese consulate in New York on the activities of other Tibetans in the New York area.

Angwang, after appearing remotely in federal court in New York via teleconference, was ordered by a judge to be detained without bond after prosecutors said he "presents a serious risk of flight" to avoid the criminal charges. Angwang's lawyer reserved his right to argue for bail at a later date.

If convicted, Angwan, a resident of Nassau County, Long Island, face a maximum possible prison sentence of 55 years.

Authorities noted in a criminal complaint that Angwang, who currently works for the New York Police Department's community affairs unit in the 111th precinct in Queens, "initially traveled to the United States on a cultural exchange visa."

But after overstaying a second visa he "eventually sought asylum in the United States on the basis that he had allegedly been arrested and tortured in the [People's Republic of China] due partly to this Tibetan ethnicity," the complaint said.

The U.S. Attorney's Office for the Eastern District of New York, in a detention memo, said that despite Angwang's claims, an investigation found that "Angwang has traveled back to the PRC on numerous occasion since his asylum application was granted."

"These are not the actions of an individual who fears torture or persecution at the hands of the PRC, thus showing that his U.S. citizenship was secured through false pretenses," the memo said.

👀 👉🏼 https://www.cnbc.com/2020/09/21/nypd-cop-charged-with-acting-as-china-agent.html

#nypd #cop #charged #china #tibet #agent #spy
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Interview with Tutanota - Please submit your questions for our interview!

The e-mail provider "Tutanota" in an interview. How secure is the German mail provider really? How do they deal with the DDoS attacks?

The well-known German e-mail provider "Tutanota" for you in an interview. The past weeks were not easy for the German mail provider based in Hannover, which is very popular with many people. Serious DDoS attacks in the past few weeks have made it impossible for users to retrieve their mails from time to time. Even the Tutanota website was partially unavailable. But one does not give up: "now we have to fight for our right to privacy".

👀 👉🏼 Translated from 🇩🇪 with DeepL:
https://tarnkappe.info/tutanota-im-interview-bitte-fragen-fuer-ein-interview-einreichen/

#tutanota #email #interview
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Killed by Mozilla - A list of discontinued Mozilla products and services.

👉🏼 Inspired by Killed by Google 👈🏼
https://killedbygoogle.com/

👉🏼 Killed by Mozilla 👈🏼
https://killedbymozilla.com/

#mozilla #google #killed #graveyard
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

A new release of UntrackMe is available!

💡 Added:

✅ Use Bibliogram instances API
✅ Latency measurement for custom instances

👉🏼 Get the lite version
https://framadrive.org/s/CCafTK3BSSTPES7/download?path=%2F1.15.0%2F&files=app-lite-debug.apk

👉🏼 Get the full links version
https://framadrive.org/s/CCafTK3BSSTPES7/download?path=%2F1.15.0%2F&files=app-fullLinks-debug.apk

👀 👉🏼 https://toot.fedilab.app/@UntrackMe/104909568634924386

👀 👉🏼 https://framagit.org/tom79/nitterizeme

#UntrackMe #android #apk #update
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Despite past denials, LAPD has used facial recognition software 30,000 times in last decade, records show

The Los Angeles Police Department has used facial recognition software nearly 30,000 times since 2009, with hundreds of officers running images of suspects from surveillance cameras and other sources against a massive database of mug shots taken by law enforcement.

The new figures, released to The Times, reveal for the first time how commonly facial recognition is used in the department, which for years has provided vague and contradictory information about how and whether it uses the technology.

The LAPD has consistently denied having records related to facial recognition, and at times denied using the technology at all.

The truth is that, while it does not have its own facial recognition platform, LAPD personnel have access to facial recognition software through a regional database maintained by the Los Angeles County Sheriff’s Department. And between Nov. 6, 2009, and Sept. 11 of this year, LAPD officers used the system’s software 29,817 times.

👀 👉🏼 https://www.latimes.com/california/story/2020-09-21/lapd-controversial-facial-recognition-software

#lapd #usa #facial #recognition #software #surveillance #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag