Steganography enables sophisticated OceanLotus payloads.
Researchers at BlackBerry Cylance have been tracking payload obfuscation techniques employed by OceanLotus (APT32), specifically steganography used to hide code within seemingly benign image files. Tom Bonner is director of threat research at BlackBerry Cylance, and he joins us to share their findings.
#ResearchSaturday #Steganography #OceanLotus #payloads #podcast
https://www.thecyberwire.com/podcasts/cw-podcasts-rs-2019-05-11.html
@cRyPtHoN_INFOSEC_DE
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_ES
Product placement
Did you get the advertising message?
From "House of Cards" to "Stranger Things": Streaming services like Netflix and Amazon manipulate their audience with advertising - almost unnoticed.
Every viewer of the Netflix horror series "Stranger Things" knows that the favourite food of the mysterious main character Eleven is Eggo's ready-made waffles. Not only because the girl constantly eats the waffles; they also play a leading role in several scenes and, at the end of the first season, already give the viewer a hint about Eleven's fate in the series. Even in the mobile game for the series you have to collect the waffles, and the viewer is also unusually well informed about the culinary preferences of other characters: the high school boy Steve Harrington loves fast food from Kentucky Fried Chicken, as he reveals in the first episode of the second season. An entire scene is set up around a table full of clearly visible cups and cardboard buckets from the restaurant chain. "I love KFC," says Steve Harrington, and then even recites the official advertising slogan in English: "It's finger lickin' good."
Streaming services like Netflix or Amazon Prime Video don't show advertising blocks like linear television, but they're still not free of advertising. A large share of the streaming services' own productions, as well as of the purchased content, contains product placements. At Netflix it is said to be about three quarters, at Amazon almost all.
Even in the science fiction series "The Expanse", whose fictional world has little to do with the present, a few FedEx containers were accommodated. Often the clothes of the characters look conspicuously like the collection of a fashion discounter. Currently, fans of the fantasy series "Game of Thrones" are discussing whether a Starbucks coffee cup that was accidentally left on the set could be surreptitious advertising. And Frank Underwood from the Netflix series "House of Cards" regularly played real, existing computer games and talked to other characters about them when he wasn't training with his Waterrower, a rowing machine with a real water tank. Allegedly, the sales figures of the training device rose steeply at the start of every new season of the series.
Currently fans of "Game of Thrones" are discussing a Starbucks coffee cup
Product placement is a market worth billions, not least because the important target group of under-50s with above-average incomes is difficult to reach via linear television. They often have subscriptions to streaming services and no TV at all. This is why there are now agencies such as Saint Elmo's that specialise in placing products in digital entertainment formats. The company's website says: "Your advertising messages don't reach the target group? Stop advertising - start with content marketing! Your advertising is more effective if it is not perceived as such. But as exciting, useful, contemporary content. Then it also works with the target group." This often works very well - the series producers have few inhibitions about using real, existing waffles as plot elements or an advertising slogan as a punchline.
Problems could only arise with German law. For streaming services, the State Broadcasting Treaty is applied here, according to which product placements are permitted, but must be marked at the beginning of the programme. Illegal surreptitious advertising occurs when the product placement is not marked or "if it takes place in return for payment or similar consideration". So are Eleven's Eggos and Steve Harrington's chicken legs surreptitious advertising? Netflix has included a reference to product placement before many of its formats, as required in the broadcasting treaty.
In the new directives for audiovisual media adopted by the European Parliament in 2018 but not yet implemented, the existing provisions on the handling of advertising were extended to streaming services. Children in particular should then be better protected from advertising. According to the new directives, product placements are still permitted if they are labelled accordingly and the product is not highlighted.
Until the Directives have been converted into national law, the Interstate Broadcasting Treaty, which has already been applied in one case, will apply: Earlier this year, the Bavarian Regulatory Authority for New Media (BLM) prohibited Amazon Prime Video from providing an episode of the eighth season of "Pastewka" on suspicion of surreptitious advertising. The episode was largely set in a media market. The production company Brainpool denied a product placement, the electronics market had been rented. Media Markt also denied having booked a product placement. The case has now been resolved out of court: Amazon shows a new cut of the episode, with which BLM also agrees.
And then, of course, there's the free mobile game until the next season starts.
However, product placement and surreptitious advertising are not only a legal issue. The embedding of products and the linking of different content and media simply corresponds to the logic of such platforms for digital content. The free mobile game for "Stranger Things" is not only a nice pastime until the next season, but also expands the environment for possible advertising content and binds viewers to the digital infrastructure of companies. This is because the game is likely to be played on a device on which the Netflix app is installed. It's not far from the game to the next series marathon. For a company like Amazon, product placements in its Prime Video content offer completely different possibilities than just customer retention: the Internet department store, which Amazon still is first and foremost, is only a few clicks away.
If products can be placed in this way, would political influence on the content of streaming services not also be conceivable? Can't ideologies be integrated into fictional content in the same way, or even more subtly? This is not yet a problem for the large streaming services, as they defend themselves against overly clear political positioning in order to reach as many viewers as possible. But in social networks, political messages - often wrapped in seemingly harmless parodies or memes - in combination with scandalizing algorithms have become a big problem.
There are websites like Infowars that have recognized these possibilities in digital space at an early stage and sell the right survival equipment for their lurid catastrophe news. The product placements show the power of manipulation inherent in digital media. The paragraphs of the Interstate Broadcasting Treaty alone are not enough to get a grip on this.
https://www.sueddeutsche.de/medien/netflix-amazon-streaming-product-placement-1.4441198
#netflix #amazon #DeleteAmazon #streaming #advertising #manipulation #why
Forwarded from cRyPtHoN™ INFOSEC (DE)
Software Rebels - The Power of Sharing
Two models face each other in the software market: the so-called proprietary software of the large companies and free software, which is available to all citizens free of charge. Using examples from India, the USA and Europe, the documentary shows how anonymous developers and well-known personalities are trying to counteract a new kind of knowledge capitalism.
#Software #Rebellen The Power of Sharing #Doku #ArteF #Video #Podcast
F-Droid: Free and Open Source Apps - Take back control! (Part 5)
1. App store with class
By installing LineageOS, we have abandoned our proprietary Android systems and taken control of outbound data traffic with AFWall+. But our journey is far from over, because to get rid of Google and to regain control we have to break away from the Google Play Store.
Most apps from the Google Play Store contain an above-average number of tracker and advertising modules. In the foreseeable future, this business model will probably not change because Android is a self-service data store with which (questionable) developers make a lot of money. Indirectly, Google also earns a lot of money - so Android users can wait in vain for an improvement.
In this article I would like to introduce you to the alternative app store F-Droid. F-Droid is a consumer-friendly alternative to Google's Play Store, which only offers "free" and "open source" apps for download. The two properties "free" and "open source" basically mean nothing other than that the app source code can be viewed, used, changed and further developed by anyone. With its strict "Free Open Source Software (FOSS)" concept, F-Droid clearly sets itself apart from the Google Play Store and other comparable stores.
2. F-Droid Store
In the long run, your goal should be to replace the proprietary apps from the Google Play Store with open source apps from the F-Droid Store, which neither transmit unsolicited sensitive data nor are crammed with tracker and advertising modules. In my experience, it's far less work to resort to privacy-friendly apps from the outset than to teach data-hungry apps or services to "behave". For this reason, the main source for your apps should be the F-Droid Store, because the article series "Take back control!
2.1 The lack of transparency of data processing
In my opinion, we can only achieve the greatest possible control over our data if we or other people (except the app developer) are able to understand the functionality of the installed apps. Furthermore, by disclosing the source code, a developer shows that he does not (only) have financial interests in the foreground and also signals that he does not want to "hide" anything with regard to the program code. This openness is an essential step towards more transparency of the application.
And yes, I am aware that some apps are so complex that even the openness of the developers described above does not guarantee that there are no mysterious code snippets hidden in the source code of the app whose purpose and meaning can hardly be explained. Therefore, even with these apps, you can never be 100% sure that an app is not spying on you, and we should not blindly trust FOSS apps either.
In my opinion, however, the disclosure of the source code is a step in the right direction, because it allows someone with the appropriate resources to check the code themselves and, if necessary, adapt it to their needs. A big disadvantage of the mostly proprietary apps in the Google Play Store is the lack of transparency of data processing: with these proprietary apps we don't know, and often can't check, what they actually do (without our knowledge).
Under references I list various security and data protection problems. More than half of the entries listed there concern proprietary apps from the Google Play Store. With this in mind, I think it's essential to get as many apps as possible from the F-Droid Store, even if we have to cut back on app selection there. I am aware that this is not always easy. But in the spirit of the article series "Take back control!" it is a desirable and necessary goal.
2.2 F-Droid Store Features
With the F-Droid Store, an alternative app store has established itself. Critical users who value free and open source applications will particularly benefit from the FOSS apps available there. The smaller selection of apps in the F-Droid Store compared to the Google Play Store may seem a bit "frightening" at first glance. Apps that you know from the Google Play Store you will probably search for in vain in F-Droid. In the F-Droid Store, however, you'll also find useful open source alternatives to most of Google Play's apps, which you should definitely give a chance.
Users for whom data protection or the protection of secrets plays an important role, such as lawyers or doctors, should in particular take care, for ethical reasons alone, not to install (proprietary) apps whose data processing is non-transparent. With such apps there is always the danger that they access information about clients or patients, which in turn can have criminal and professional consequences.
Despite the sympathy I have for F-Droid Store, I don't want to hide the fact that this alternative app distribution channel also has a few special features and "shortcomings", which are briefly described in the following:
Use at your own risk:
In the terms of use for the F-Droid Store, the operators point out that despite all efforts they cannot completely guarantee that no malware is offered through the F-Droid Store.
However, before releasing an app, F-Droid operators check the source code of the app to be added for potential security or "privacy" issues. If they don't find any problems, they compile it and make the app available in the F-Droid Store. Because this procedure is not a deep or complete "code audit", the F-Droid Store should not be seen as a guarantee of a malware-free marketplace. Rather, we must always have a healthy mistrust of these apps as well. The question as to whether an app is defective or not can often only be answered by extensive long-term tests of the app.
The F-Droid operators (understandably) cannot and will not perform these tests. A first "shortcoming" of the F-Droid Store is therefore that a new app to be added is generally not, or cannot be, fully tested. This is different, at least according to Google, at the Google Play Store, for example. Before a new app is added to the Google Play Store, so-called bouncers automatically check it for "malware". The apps are executed in a virtual environment (similar to antivirus scanners) and screened by the main system for their behavior and functionality. This measure sounds very promising, but as the following examples illustrate, Google cannot guarantee a malware-free store:
Google Play:
Millions of camera apps steal photos (February 2019)
For the F-Droid Store, however, I am not aware of a faulty app having been found so far. With a little exaggeration, one can conclude that F-Droid actually seems to be the "malware-free" store.
Delayed (security) updates:
In contrast to the Google Play Store, app developers in the F-Droid Store have practically no control or influence over the release and update process of their app. Rather, maintainers are responsible for posting the releases and updates of the apps in the F-Droid Store. If a maintainer is negligent or "prevented" from doing so, the worst-case scenario is that known security holes in apps are not reacted to promptly, even though the developer has already closed them. At least for many apps we can rely on the fact that an app maintainer has not made any changes to the source code that could have a negative effect on our data or device. F-Droid supports reproducible builds.
Weak spots:
Like all software, F-Droid has to struggle with bugs that can lead to security vulnerabilities. In early 2015, a security audit of the F-Droid App and the service infrastructure identified a number of security vulnerabilities, all of which were promptly addressed. Security vulnerabilities are generally unavoidable. Rather, one must simply reckon with the fact that each software has some gaps. It is therefore all the more important to deal with them professionally once any security vulnerabilities have become known. Since the F-Droid team deals professionally and openly with the vulnerabilities found, this is a good indication that the team is aware of its responsibility. Also worthy of positive mention are the continuous security audits. The last audit, for example, is dated September 2018.
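The idea behind the reproducible builds mentioned above, as an added example that is not from the original article and is not F-Droid's own tooling: an entry-by-entry comparison of a published APK against one rebuilt from source, ignoring only the v1 (JAR) signature files. The function names and the in-memory sample APKs are constructed for illustration.

```python
import hashlib
import io
import re
import zipfile

# v1 (JAR) signature artefacts live in META-INF and legitimately differ between
# a store-signed APK and an unsigned rebuild. v2/v3 signatures sit in the APK
# Signing Block outside the ZIP entries, so an entry-level comparison never
# sees them.
SIGNATURE_FILE = re.compile(r"^META-INF/([^/]+\.(SF|RSA|DSA|EC)|MANIFEST\.MF)$")


def entry_digests(apk_bytes):
    """Map every non-signature ZIP entry name to the SHA-256 of its content."""
    digests = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        names = [info.filename for info in apk.infolist()]
        if len(names) != len(set(names)):
            # Duplicate names make "which entry is the real one" ambiguous.
            raise ValueError("duplicate ZIP entry names, refusing to compare")
        for info in apk.infolist():
            if info.is_dir() or SIGNATURE_FILE.match(info.filename):
                continue
            digests[info.filename] = hashlib.sha256(apk.read(info)).hexdigest()
    return digests


def compare_builds(published, rebuilt):
    """Report every difference between the published and the rebuilt APK."""
    pub, reb = entry_digests(published), entry_digests(rebuilt)
    return {
        "only_in_published": sorted(pub.keys() - reb.keys()),
        "only_in_rebuilt": sorted(reb.keys() - pub.keys()),
        "content_differs": sorted(
            name for name in pub.keys() & reb.keys() if pub[name] != reb[name]
        ),
    }


def is_reproducible(published, rebuilt):
    """True only if both APKs carry the same entries with the same content."""
    return not any(compare_builds(published, rebuilt).values())


def make_apk(entries):
    """Constructed sample input: build a tiny APK-like ZIP in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as archive:
        for name, data in entries.items():
            archive.writestr(name, data)
    return buf.getvalue()


# Constructed samples: file names follow the APK layout, contents are dummies.
SOURCE_BUILD = {
    "AndroidManifest.xml": b"<manifest package='org.example.app'/>",
    "classes.dex": b"dex bytes compiled from the public source",
    "res/layout/main.xml": b"<LinearLayout/>",
}
STORE_SIGNATURE = {
    "META-INF/MANIFEST.MF": b"Manifest-Version: 1.0",
    "META-INF/CERT.SF": b"Signature-Version: 1.0",
    "META-INF/CERT.RSA": b"store signature bytes",
}

REBUILT = make_apk(SOURCE_BUILD)
PUBLISHED = make_apk({**SOURCE_BUILD, **STORE_SIGNATURE})
# A published APK whose code does not match the public source.
MODIFIED = make_apk({
    **SOURCE_BUILD,
    **STORE_SIGNATURE,
    "classes.dex": b"dex bytes with an extra module",
    "assets/extra.bin": b"not present in the source tree",
})

if __name__ == "__main__":
    print("published vs rebuilt:", is_reproducible(PUBLISHED, REBUILT))
    print("modified vs rebuilt: ", compare_builds(MODIFIED, REBUILT))
```

A match means the binary in the store corresponds to the published source; any entry reported by `compare_builds` is something the source code alone does not explain.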
Despite the above-mentioned aspects, which I regard as "shortcomings", I would like to mention a special feature or "service" of the F-Droid Store. This special feature is due to the FOSS apps included in the F-Droid Store. Because, with FOSS apps, basically everyone is able to change the source code under certain conditions, the F-Droid team makes use of this option from time to time. It sometimes (arbitrarily) removes so-called "antifeatures" from the original app version. The F-Droid project counts the following among the antifeatures in apps:
- Ads (advertising)
- Tracking
- NonFreeNet (uses non-free services in the network)
- NonFreeAdd (recommends non-free add-ons)
- NonFreeDep (depends on non-free components such as Google Play Services)
- UpstreamNonFree (missing functionalities because non-free components had to be removed)
- NonFreeAssets (contains non-free components - mostly multimedia data under non-free license)
A prominent example in which the team of the F-Droid Store became active and removed corresponding antifeatures from the corresponding app was the Telegram Messenger. The team issued a message to this effect:
Millions of camera apps steal photos (February 2019)
https://www.heise.de/security/meldung/Google-Play-Millionenfach-verbreitete-Kamera-Apps-klauen-Fotos-4295992.html
Fake app in Google's Play Store should steal crypto money (February 2019)
https://www.heise.de/newsticker/meldung/Fake-App-in-Googles-Play-Store-sollte-Kryptogeld-stehlen-4304280.html
Trojan apps discovered with 4.5 million downloads in Google Play (January 2018)
https://www.heise.de/security/meldung/Trojaner-Apps-mit-4-5-Millionen-Downloads-in-Google-Play-entdeckt-3952145.html
One million Android users download false WhatsApp messenger from Google Play (November 2017)
https://www.heise.de/security/meldung/Eine-Million-Android-Nutzer-laden-falschen-WhatsApp-Messenger-aus-Google-Play-3880190.html
Android spyware undetected in Play Store for three years (April 2014)
https://www.heise.de/security/meldung/Android-Spyware-drei-Jahre-lang-im-Play-Store-unentdeckt-3691154.html
[…]
For the F-Droid Store, however, I am not aware of a harmful app having been found so far. With a little exaggeration, one could conclude that F-Droid actually seems to be the "malware-free" store.
Delayed (security) updates:
In contrast to the Google Play Store, app developers in the F-Droid Store have practically no control over the release and update process of their app. Instead, maintainers are responsible for posting the releases and updates of the apps in the F-Droid Store. If the maintainer is negligent or "prevented" from doing so, the worst case is that security holes that have become known in an app are not reacted to promptly, even though the developer has already closed them. At least for many apps we can rely on the fact that an app maintainer has not made any changes to the source code that could have a negative effect on our data or device. F-Droid supports Reproducible Builds.
Weak spots:
Like all software, F-Droid has to contend with bugs that can lead to security vulnerabilities. In early 2015, a security audit of the F-Droid app and the service infrastructure identified a number of security vulnerabilities, all of which were promptly addressed. Security vulnerabilities are generally unavoidable; one simply has to expect that every piece of software has some flaws. It is therefore all the more important to deal with them professionally once they have become known. Since the F-Droid team deals professionally and openly with the vulnerabilities found, this is a good indication that the team is aware of its responsibility. Also worthy of positive mention are the continuous security audits. The last audit, for example, is dated September 2018.
Despite the above-mentioned aspects, which I regard as "shortcomings", I would like to mention a special feature or "service" of the F-Droid Store. This special feature stems from the FOSS apps included in the F-Droid Store. Because, with FOSS apps, basically anyone is able to change the source code under certain conditions, the F-Droid team makes use of this option from time to time. It sometimes (arbitrarily) removes so-called "antifeatures" from the original app version. The F-Droid project counts the following among the antifeatures of apps:
- Ads (advertising)
- Tracking
- NonFreeNet (uses non-free services in the network)
- NonFreeAdd (recommends non-free add-ons)
- NonFreeDep (depends on non-free components such as Google Play Services)
- UpstreamNonFree (missing functionalities because non-free components had to be removed)
- NonFreeAssets (contains non-free components - mostly multimedia data under non-free license)
A prominent example in which the F-Droid team became active and removed such antifeatures from an app was the Telegram Messenger. The team issued a message to this effect:
"Several proprietary parts were removed from the original Telegram client, including Google Play Services for the location services and HockeySDK for self-updates. Push notifications through Google Cloud Messaging and the automatic SMS receiving features were also removed."
The approach of the F-Droid team to do without services or functions that are not exactly conducive to "data protection", or to remove them from the source code, has further encouraged me in my decision to choose F-Droid as the app source for the article series "Take back control!".
3. Starting with F-Droid
First you have to download the F-Droid Store as an APK file to your computer. Just open the F-Droid page and click on the button Download F-Droid. https://f-droid.org/FDroid.apk
Download:
First download the latest version of F-Droid directly from the website. Click on the button labeled Download F-Droid.
https://f-droid.org
PGP Signature:
Optionally, you can check the PGP signature of the downloaded APK file to make sure that the file has not been corrupted or modified. First you have to import the public F-Droid signing key:
gpg --keyserver pgp.mit.edu --recv-keys 0x41e7044e1dba2e89
The fingerprint can then be checked:
gpg --verify FDroid.apk.asc FDroid.apk
Are the primary and subkey fingerprints identical to those on the F-Droid website?
Primary key fingerprint = 37D2 C987 89D8 3119 4839 4E3E 41E7 044E 1DBA 2E89
Subkey fingerprint = 802A 9799 0161 1234 6E1F EFF4 7A02 9E54 DD5D CE7A
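Added example (not part of the original article and not F-Droid's own tooling): gpg reports a good signature for any key in the keyring, so this script reads gpg's machine-readable status output and accepts the APK only if the signature comes from the two fingerprints listed above. The function names and the sample status lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: pin the F-Droid signing key when verifying FDroid.apk.
# The fingerprints are the two listed in the article; function names and
# the sample status lines below are constructed for illustration.

PINNED_PRIMARY="37D2 C987 89D8 3119 4839 4E3E 41E7 044E 1DBA 2E89"
PINNED_SUBKEY="802A 9799 0161 1234 6E1F EFF4 7A02 9E54 DD5D CE7A"

# Remove whitespace and upper-case, so "37d2 c987" compares equal to "37D2C987".
normalize() {
    printf '%s' "$1" | tr -d ' \t\n' | tr 'a-f' 'A-F'
}

# Reads the output of `gpg --status-fd 1 --verify` on stdin.
# Returns 0 only if a VALIDSIG line names the pinned subkey (field 3) and
# the pinned primary key (field 12), and no status line reports a bad or
# expired signature or an expired or revoked key.
status_matches_pins() {
    awk -v primary="$(normalize "$PINNED_PRIMARY")" \
        -v subkey="$(normalize "$PINNED_SUBKEY")" '
        $1 != "[GNUPG:]" { next }
        $2 == "BADSIG" || $2 == "ERRSIG" || $2 == "EXPSIG" ||
        $2 == "EXPKEYSIG" || $2 == "REVKEYSIG" { bad = 1 }
        $2 == "VALIDSIG" && toupper($3) == subkey && toupper($12) == primary { ok = 1 }
        END { if (ok && !bad) exit 0; exit 1 }
    '
}

# $1 = APK file, $2 = detached signature (.asc)
verify_fdroid_apk() {
    gpg --status-fd 1 --verify "$2" "$1" 2>/dev/null | status_matches_pins
}

# Constructed sample: good signature made by the pinned key.
sample_good_status() {
    cat <<'EOF'
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 7A029E54DD5DCE7A constructed-user-id
[GNUPG:] VALIDSIG 802A9799016112346E1FEFF47A029E54DD5DCE7A 2019-05-01 1556700000 0 4 0 1 8 00 37D2C98789D8311948394E3E41E7044E1DBA2E89
EOF
}

# Constructed sample: cryptographically valid, but made by some other key
# that happens to be in the keyring. "Good signature" alone would pass this.
sample_other_key_status() {
    cat <<'EOF'
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG AAAAAAAAAAAAAAAA constructed-other-key
[GNUPG:] VALIDSIG AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 2019-05-01 1556700000 0 4 0 1 8 00 BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
EOF
}

# Constructed sample: signature by the pinned key, but the key has expired.
sample_expired_key_status() {
    cat <<'EOF'
[GNUPG:] NEWSIG
[GNUPG:] EXPKEYSIG 7A029E54DD5DCE7A constructed-user-id
[GNUPG:] VALIDSIG 802A9799016112346E1FEFF47A029E54DD5DCE7A 2019-05-01 1556700000 0 4 0 1 8 00 37D2C98789D8311948394E3E41E7044E1DBA2E89
EOF
}

# Run as: sh verify-fdroid.sh FDroid.apk FDroid.apk.asc
if [ "$#" -eq 2 ]; then
    if verify_fdroid_apk "$1" "$2"; then
        echo "OK: signature made by the pinned F-Droid key"
    else
        echo "FAILED: do not install this APK" >&2
        exit 1
    fi
fi
```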
Installation:
If the PGP signature matches, you can copy the APK file via USB cable to the device. On your device you can tap the file and start the installation. A warning will appear in Android before installing F-Droid. This mechanism should prevent you from accidentally installing apps from "unknown sources" (outside the Google Play Store) and catching malware. Confirm the notice with a tap on Next to complete the installation.
3.1 F-Droid in action
After the first start of the F-Droid app no apps will be displayed. You first have to update the so-called package sources (a list of available apps with their descriptions) by swiping the screen from top to bottom with one finger. https://de.wikipedia.org/wiki/Repository
The message "Package sources are being updated" will then appear at the top of the screen. Depending on the Internet connection and the load of the F-Droid servers, the process may take one to two minutes. In order for this process to happen automatically in the future, we select the "Options" menu at the bottom of the screen. Recommended settings:
- (Optional) Via mobile network: slider all the way to the left (to conserve data volume)
- Automatic update interval: Daily
Under package sources you should additionally select F-Droid archives.
You can then browse for apps using the "Categories" menu at the bottom of the screen. The apps are arranged in different categories like internet, multimedia or navigation.
If you have found an app and want to install it, just tap the blue download arrow next to the app name to start the download. As soon as the app is on your device, the arrow turns into a button labeled Install. You will then be asked again if you really want to install the app, and all permissions of the app will be listed. Even if we are not aware of any "abuse" of the permissions of an F-Droid app, you should always check the permissions before each installation.
4. App suggestions
Due to the lack of transparency of the entire data processing of a smartphone, it is extremely time-consuming to determine which data the smartphone (actually) processes or sends. The same applies, of course, to the apps offered in the Google Play Store. Most of these apps are closed source, as shown above, and therefore do not allow (without further technical aids) an insight into the actual data processing or which data is transmitted during use.
It would be an illusion to believe that app providers always process our data for our own benefit. Rather, anyone who is familiar with the current business models of providers and manufacturers should be aware that the opposite is the case. Very often the "protagonists" exchange the data collected from us with each other for commercial purposes without us noticing it, let alone preventing it. In this respect, it is essential and almost a duty for every data protection-conscious user to ask themselves whether they would not be better off without the proprietary apps.
Therefore, our goal should be to replace as many apps as possible with privacy friendly alternatives. To show what I think makes a "privacy friendly" app, I have summarized the main criteria of a privacy friendly app:
- Ideally, the app will not communicate with the manufacturer or provider (not even for the transmission of "meaningless" telemetry data).
- Transparency through open source code and, if applicable, a corresponding, transparent data protection declaration.
- Requests only the access permissions necessary for the app to work for its intended purpose.
- Data economy (processing as little data as possible or only the data that is really necessary for the functionality of the app).
- Possibilities to object to corresponding data processing.
- Apps that help prevent us from having to disclose our information to anyone, e.g. by using encryption measures to ensure that providers of other apps do not use these apps to gain unsolicited access to our data.
These are, of course, high standards that I apply here. In this context, however, we should perhaps recall the stated objective of the series of articles: To regain control of our data.
4.1 Recommended Apps
At the risk that this part of the article loses its topicality too quickly, I refer to the recommendation corner. There all privacy friendly apps from the F-Droid Store will be listed and constantly updated. https://www.kuketz-blog.de/empfehlungsecke/#android
The app selection should only cover the "basics" to make it easier for you to switch to privacy friendly apps. In F-Droid there are of course many more apps and alternatives to discover. Tastes are different and not every app I recommend will please the individual. So my advice to you is to browse the F-Droid Store and find your own apps that will suit your taste best.
5. Further app stores
If you obtain a large part of your apps exclusively from the F-Droid Store, you will come much closer to the noble goal of having control over your own data on a smartphone.
Admittedly, the transition to the F-Droid Store is not easy. This is less due to the poor usability of this store than to the comparatively small range of apps. We won't find current (blockbuster) games or "trend apps", such as WhatsApp, in the F-Droid Store, because as shown, we only find free and open source apps in the F-Droid Store.
5.1 Yalp Store
The Google Play Store is usually accessed via the "Play Store" app. In F-Droid, however, we find an alternative that avoids Google dependencies and can also be interesting for users of a custom ROM if no Google Services Framework is installed. The Yalp Store app available in F-Droid allows you to download apps (or APKs) directly from the Google Play Store. However, when using this app, we are in a grey area, or an area that has not yet been conclusively clarified in legal terms. This is especially because the Yalp Store is not officially offered by Google and does not originate from Google; it merely uses the Play Store API to access the service. This is basically a violation of the terms of use of the Play Store:
"You agree not to access (or attempt to access) Google Play by any means other than through the interface that is provided by Google, unless you have been specifically allowed to do so in a separate agreement with Google. You specifically agree not to access (or attempt to access) Google Play through any automated means (including use of scripts, crawlers, or similar technologies) and shall ensure that you comply with the instructions set out in any robots.txt file present on the Google Play website."
That we are in a legally highly controversial grey zone when using apps like Yalp or services like APKPure, which download the APKs from the Play Store, becomes clear when we look at an interview with a lawyer and the discussion on areamobile. Without wanting to deal intensively with all the legal implications mentioned there, it is essential, in my opinion, to take a differentiated approach in answering the question of the legality of the use of these services. The first question to be answered is which "copyrights" (by whom) are potentially violated when downloading apps from the Play Store with these services. http://www.areamobile.de/community/news/188457-darf-ich-das-android-ohne-google-apps-ohne-play-store.html
In my opinion, it plays an important role to differentiate between how and under which license conditions the apps were published. If it is "proprietary" software that is offered exclusively in the Google Play Store, an infringement of copyrights may well be obvious. However, the situation is different with FOSS apps, which have been posted in the Play Store as well as in the F-Droid Store or on the developer's website. If you download this app from the Play Store using services such as Yalp, you shouldn't violate the rights of the actual author (the app developer), who actually designed the app "openly" and "freely". Rather, the (alleged) rights of Google, which the author had to grant to Google in order to be allowed to place his apps in the Play Store, are in question.
In order not to expose yourself to this problem in the first place, it would be better to do without the apps in the Google Play Store completely and to use apps from the F-Droid Store. If this is not possible for you - for whatever reason - the Yalp Store can be an alternative to the Play Store and is interesting for all those who use custom ROMs like LineageOS, but prefer not to install the proprietary GAPPS.
5.2 Reality vs. wishful thinking
Personally, I get by completely without apps from the Google Play Store. A few years ago, this was unthinkable for many privacy-sensitive users because the number of apps in F-Droid was still relatively small. In 2019 the situation has improved a bit. Nevertheless, there are still apps that are only offered in the Play Store. It would therefore be unrealistic to simply assume that everyone can get by with the apps offered in F-Droid.
So if you can't find an alternative in F-Droid for your "favourite app" from the Google Play Store, you won't be able to avoid getting some of your apps from the Play Store. Since the apps from the Play Store are often accompanied by a "loss of control", I will show you in further parts of the article series how you can minimize this with apps like AdAway, Shelter or XPrivacyLua.
6. Conclusion
The F-Droid Store gives us access to FOSS apps, which are intended to serve as an alternative to well-known apps. As critical users, we benefit in particular from the free and open source applications offered in the F-Droid Store. This will enable us to regain a great deal of control over the data on our smartphone.
Ideally, you can completely renounce the Google Play Store. If you don't succeed and prefer to forego the additional installation of GAPPS on your device, you'll find a possible alternative in the Yalp Store - but that's a legal grey area.
In the next article of the series we will turn to the tracking and advertising blocker AdAway. AdAway is comparable to a local Pi-hole that works directly on the device. For all those who continue to get apps from the Play Store, AdAway is an effective way to render the integrated tracker and advertising modules "harmless".
Source (German) and more info:
https://www.kuketz-blog.de/f-droid-freie-und-quelloffene-apps-take-back-control-teil5/
#android #NoGoogle #guide #part1 #part2 #part4 #part5 #fdroid #kuketz
Rethinking digital service design could reduce their environmental impact
Digital technology companies could reduce the carbon footprint of services like YouTube by changing how they are designed, experts say.
Human-Computer Interaction researchers from the University of Bristol looked at how much electric energy was used to provide YouTube videos to people globally in 2016, to enable them to estimate the service's carbon footprint in that year.
Their analysis showed it was around 10Mt CO2e (Million Metric tons of carbon dioxide equivalent) - approximately that of a city the size of Glasgow.
These carbon emissions result from servers and networking devices streaming about 1bn hours of YouTube video to user devices each day.
They also assessed the reductions that could be gained by eliminating one example of "digital waste" - namely avoiding sending images to users who are only using YouTube to listen to audio. They estimated such a design intervention could reduce the footprint by between 100-500Kt CO2e annually - the carbon footprint of roughly 30,000 UK homes.
While previous academic studies have identified ways in which Interaction Design could reduce the carbon footprint of digital services, this was the first to quantify the benefits of one such intervention.
PDF:
http://delivery.acm.org/10.1145/3310000/3300627/paper397.pdf
https://www.bristol.ac.uk/news/2019/may/rethinking-digital-service-design-.html
#pdf #report #youtube #environmental #impact #research
A spam victim hacks back.
"I give you the choice to inherit me. You're getting $10 million." Who is behind this kind of spam? A hacker went on a search and found what he was looking for.
Everything started with a mail that promised to make me rich - again. Someone is seriously ill, has stashed 10 million US dollars abroad and wants me to participate - I'm lucky. This is of course total nonsense and one of millions of spam mails that probably everyone has received at some point. Automatically I move the mouse pointer over the delete button - and pause. I've had enough, I'm fed up! This time I'll play along. I wanted to know how the cheater proceeds - and maybe even arrest him.
Careless impostor
After some mail conversation, the scammer lured me to a fake online banking site. From there I was supposed to transfer the assets to my account. That failed of course and the fraudster claimed to get a valid TAN only against the payment of 2500 US dollars. Of course, I thought and took a closer look at the website. I came across a SQL injection gap. With a few targeted SQL commands I was able to read out a database with details of an admin page for a large-scale spam campaign. Practically there was also the access data for the page - Facepalm.
But it gets even better: The campaign website also had a security problem. By means of a cross-site scripting attack (stored XSS), I was able to infiltrate the first name database field with the instruction to call a JavaScript file stored on a server controlled by me into the administration page. Consequently, I changed the access data and laid out a bait: I informed the fraudster that I had control over the site and that the new login data was only available for money. He bit, called the administration panel and reset the data. He loaded the script from my server and I could save his IP address.
From the provider to the router
A Whois query for the recorded IP address revealed that it belongs to the South African provider Hitec Sure. A subsequent scan revealed the web interface of a TP-Link router on port 666. At this point another facepalm was due: The fraudster did not change the router's default access data and I could log in with the username "admin" and the password "admin".
By adjusting the DNS server configuration in the router, I redirected requests and recorded data: From now on I could watch all internet activities of the fraudster in real time. It turned out that the fraudster was constantly scanning for badly secured mail servers. Within ten days, about 750 MBytes of data were collected. I could read the PPPoE access data from the web interface of the router. Who would have thought that: Practically these data worked also in the customer portal of the provider. After I had registered there, I could see the complete name of the connection owner. Since the provider portal does not reveal any address data, the exact place of residence of the swindler was still unclear at this time.
Address search
I happen to have the same TP-Link model as the spammer. As a result, I was able to create and successfully test a suitable alternative firmware in the form of an OpenWRT image. I then pre-configured this with the provider and WLAN access data I had read out and flashed it via the web interface of the fraud router. By default, however, the device refuses to update the firmware via remote maintenance. However, I could handle this with comparatively little effort: In the corresponding input fields, only an HTML attribute set to Disabled prohibited this process. I was able to remove the attribute without any problems and update it remotely.
"I give you the choice to inherit me. You' re getting $10 million." Who is behind this kind of spam? A hacker went on a search and found what he was looking for.
Everything started with a mail that promised to make me rich - again. Someone is seriously ill, has stashed 10 million US dollars abroad and wants me to participate - I'm lucky. This is of course total nonsense and one of millions of spam mails that probably everyone has ever received. Automatically I move the mouse pointer over the delete button - and pause. I've had enough, I'm fed up! This time I get on the number. I wanted to know how the cheater proceeds - and maybe even arrest him.
Careless impostor
After some mail conversation, the scammer lured me to a fake online banking site. From there I was supposed to transfer the assets to my account. That failed, of course, and the fraudster claimed that he could get a valid TAN only against payment of 2500 US dollars. Of course, I thought, and took a closer look at the website. I came across an SQL injection hole. With a few targeted SQL commands I was able to read out a database with details of an admin page for a large-scale spam campaign. Conveniently, the access data for the page was in there too - facepalm.
But it gets even better: The campaign website also had a security problem. By means of a cross-site scripting attack (stored XSS), I was able to plant in the first-name database field an instruction that loads a JavaScript file, stored on a server controlled by me, into the administration page. Then I changed the access data and laid out a bait: I informed the fraudster that I had control over the site and that the new login data was only available for money. He bit, called up the administration panel and reset the data. In doing so, he loaded the script from my server and I could save his IP address.
From the provider to the router
A Whois query for the recorded IP address revealed that it belongs to the South African provider Hitec Sure. A subsequent scan revealed the web interface of a TP-Link router on port 666. At this point another facepalm was due: The fraudster had not changed the router's default access data, and I could log in with the username "admin" and the password "admin".
By adjusting the DNS server configuration in the router, I redirected requests and recorded data: From now on I could watch all internet activities of the fraudster in real time. It turned out that the fraudster was constantly scanning for badly secured mail servers. Within ten days, about 750 MBytes of data were collected. I could read the PPPoE access data from the web interface of the router. Who would have thought: Conveniently, this data also worked in the customer portal of the provider. After I had registered there, I could see the complete name of the connection owner. Since the provider portal does not reveal any address data, the exact place of residence of the swindler was still unclear at this time.
Address search
I happen to have the same TP-Link model as the spammer. As a result, I was able to create and successfully test a suitable alternative firmware in the form of an OpenWrt image. I then pre-configured this with the provider and WLAN access data I had read out and flashed it via the web interface of the fraudster's router. By default, however, the device refuses to update the firmware via remote maintenance. I could get around this with comparatively little effort: In the corresponding input fields, only an HTML attribute set to Disabled prohibited this process. I was able to remove the attribute without any problems and update the firmware remotely.
In addition to the provider data and the WLAN configuration, I also added a DynDNS client and a firewall rule for an SSH server to the image. So I had remote access to the device. Afterwards I could read the MAC address of the router as well as three SSIDs from surrounding networks. With a free test account at the geolocation service provider Combain I got the approximate coordinates of these networks. With this information I could finally narrow down the location of the fraudster to a certain street in Johannesburg, South Africa. I left it at that for the time being and didn't contact the spammer anymore.
Now I was sitting on a gigantic heap of data and did not really know what I should do with the quite explosive information. Go to the police? Difficult. By my actions I had certainly made myself liable to prosecution. In the end I decided to send the data via the anonymous mailbox ....... editorial office. In consultation with the editors, we then decided to publish the story anonymously.
https://www.heise.de/ct/artikel/Ein-Spam-Opfer-hackt-zurueck-4416729.html
#spam #mail #victim #hacking
ZombieLoad: Cross Privilege-Boundary Data Leakage
In this scenario, we constantly sample data using ZombieLoad and match leaked values against a list of predefined keywords.
The adversary application prints keywords whenever the victim browser process handles data that matches the list of adversary keywords.
Note that the video shows a browser that runs inside a VM:
ZombieLoad leaks across sibling Hyperthreads regardless of virtual machine boundaries.
https://www.cyberus-technology.de/posts/2019-05-14-zombieload.html
#ZombieLoad #video #podcast #poc
San Francisco leaders ban facial recognition tech
San Francisco supervisors today approved a ban on police using facial recognition technology, making it the first city in the U.S. with such a restriction.
https://www.youtube.com/watch?v=2OCR4By38vc
#USA #SanFrancisco #ban #police #facialrecon
Audio
Elfin APT group targets Middle East energy sector.
Researchers at Symantec have been tracking an espionage group known as Elfin (aka APT 33) that has targeted dozens of organizations over the past three years, primarily focusing on Saudi Arabia and the United States.
#ResearchSaturday #CyberWire #podcast
https://www.thecyberwire.com/podcasts/cw-podcasts-rs-2019-05-18.html
Data Security - What Google, Facebook and Microsoft really know about you
Google something quickly, drop a like here and there and then order something on the Internet with Cortana: everyday life for many people, but with every action we willingly reveal our data. How much the Internet knows about each of us is frightening.
Google knows everything?
Yes, and much more! And sometimes Google even knows things we don't know ourselves, best example: What Google actually knows about us. Dieter Bohn, editor-in-chief of "The Verge", put it very elegantly: https://twitter.com/backlon/status/1126662189127950336
"Google: our advanced AI algorithms can predict what car you want to rent and then fill out the web form for you. It knows what you want and just does it."
Mark Vang of the World Community Computing Grid, an IBM project where people make their PCs and computing power available to research, added: https://twitter.com/chmod777Mark/status/1127191469880684544
"...also, all that data we have collected and continue to collect will stay right on our servers where we can sell it to anyone... but feel free to "delete" your account at any time..."
If you use a free service, you are the product
But Google is not the only Internet giant that is targeting our data. Microsoft and Facebook, autonomous vehicles and smart homes also collect a lot of data. Why? Because, at least in the case of Facebook, we willingly tell them everything they don't want to know - and because it makes money.
Do you also want to know what the Internet knows about you? The answer is frightening.
Dylan Curran, privacy advisor for Presearch.org and former advisor to the American Civil Liberties Union (ACLU), has examined the data the big companies have collected about him. These are his findings: https://twitter.com/iamdylancurran/status/977559925680467968
Movement profile
Google keeps track of where you've been in recent weeks, months, and years, when you've been there, and how much time it took you to get from one place to another.
Even if you've disabled geolocation, Google stores location data from other sources. This includes information such as which Wi-Fi network you use and search queries on Google Maps.
At https://www.google.com/maps/timeline?pb you can retrieve your own movement profile.
Google knows everything you have ever searched for - and deleted
In addition to your movement profile, Google creates a cross-device personal search profile from all your search queries. This means that even if you delete your search history on a device, the data is still there.
At https://myactivity.google.com/myactivity you can check your activity log and change your activity settings.
Advertisement
Google not only stores data, but also combines it in different ways. You never searched for "How do I lose 10 kg in 2 weeks"? You don't need to. Google will tell you that you are a woman in your early thirties and have been looking for organic shops in your area.
The combination of location data, gender, age, hobbies (search queries), career, interests, relationship status and approximate weight as well as income leads to a unique marketing profile on the basis of which you receive advertising.
At https://www.google.com/settings/ads/ you can view your advertising profile.
App usage
You use an ad blocker? Google knows. Do you often translate texts? Google knows. You use a Doodle list to plan an international business meeting? Google knows, because it stores all data about apps and extensions you use.
This information includes what apps you use, when and where you use them, how often, how long and with whom you communicate, including who you chat with on Facebook, where that person lives and when you go to sleep.
At https://myaccount.google.com/permissions you can review the apps with access to your account.
Google knows all the YouTube videos you've ever watched
Google stores all the videos you've ever searched for and watched on YouTube - even if you closed them after seconds.
Accordingly, Google knows whether you're about to become a parent, what your political views are, what your religion is, whether you're depressed or even suicidal.
More: https://www.youtube.com/feed/history/search_history
Three million Word documents of data
The good thing about Google is that you can request and view all this data. Dylan Curran did just that and received an archive file of 5.5 GB. That's about three million pages of continuous text.
If you are curious: Under the motto "Your account, your data", at https://takeout.google.com/settings/takeout you can "export a copy of the content from your Google Account if you want to back it up or use it with a service from another provider," says Google.
This data includes all the above information, plus bookmarks, email, contacts, Google Drive files, photos taken with your phone, stores where you bought something, and products you bought on Google.
Plus your calendar, hangout conversations, music, books, groups, websites you created, phones you owned, shared pages, how many steps you took a day - a nearly endless list.
How Google gets your data
Even though you probably don't like that answer: You give your data voluntarily. The Google archive of collected data will show you how.
1. Search history
Dylan Curran's search history included more than 90,000 entries, including images he downloaded and websites he visited. Of course, the search history also contains all search queries for websites for the illegal downloading of programs, movies and music, so this data can be used against you in a court hearing and cause great damage.
2. Calendar
Your calendar reveals more about you than you might want to admit and shows all the appointments you've ever added. It doesn't matter whether you actually attended them or not.
In combination with your location data, Google knows if you were there, when you arrived - and in the case of an interview - how your appointment went. If you're on your way back very quickly, you probably didn't get the new dream job.
3. Google Drive
The Google archive of collected data also includes the entire Google Drive, including any data you deleted a long time ago. Among other things, Dylan found his resume, monthly financial overviews, website program code, and a "permanently deleted" PGP security key he used to encrypt his emails.
4. Google Fit
Even small wearables like smartwatches or fitness trackers make a contribution to the data collection frenzy of the big corporations. Although Dylan Curran deleted this data months ago and withdrew all permissions from the apps, he found, in the truest sense of the word, a list of all his steps.
Google Fit had diligently counted all the steps he ever took and when and where he went. Of course also all times of relaxation, yoga or fitness exercises.
5. Photos
If you accidentally deleted all your photos, don't worry, Google still has them all - including metadata about when, where, and with what device you took them. Well sorted by year and date, of course.
6. E-mails
If you use Google Mail or Gmail, Google also has all the emails you've ever sent or received. The same applies to all emails you have deleted and those you have never received (because they have been categorized as spam).
7. Activity log
The activity log again contains thousands of files and could probably tell you exactly how you felt on any given day and second. Due to the abundance of this data, Dylan Curran could only present a brief selection:
Google stores all the ads you've ever seen or clicked on, every app you've opened, installed or searched for, and every webpage you've ever visited.
Every image you searched or saved, every place you searched or clicked, every news item and newspaper article, every video you clicked on, and every search query you've made since your first Google search - whether you have a Google Account or not!
Data security on Facebook
Facebook also offers the option to download your private data. For Dylan Curran, this file was "only" 600 MB or about 400,000 pages of text.
It contained all the messages he had ever sent or received, all his phone contacts, and all his voice messages.
In addition, Facebook stores all your (possible) interests based on the posts you have clicked or hidden and - rather pointless to the privacy officer - all the stickers you have ever sent or received.
Log
In addition, Facebook - similar to Google - stores all your activity data when you log in. This includes where you logged in from and which device was used.
The company also stores data from all apps ever connected to Facebook, so Facebook knows your political views and interests. Facebook may also know that you were single (because you installed/uninstalled Tinder) and had a new smartphone in November.
Data security is a top priority for Windows
In principle yes, because those who use Windows 10 have countless possibilities to "protect" their privacy. In fact, there are so many that it becomes confusing. Very few people actually take the time to read through all 16 (!) menu items and their respective options and further settings and decide individually. Categorically deactivating all switches provides neither the optimal protection nor the optimal user experience.
Google's new security concept works in a very similar way under the motto: "You have the choice" - except that nobody explains to you what you can actually choose there.
External control of webcam and microphone
The data that Windows stores by default again includes location data, what programs you have installed, when you installed them, and how you use them. In addition: Contacts, email, calendar, call history, text messages, favorite recipes, games, downloads, photos, videos, music, on and offline search history, and even what radio station you're listening to. Plus, Windows has constant access to your cameras and microphones.
But it's also one of the biggest paradoxes of modern society. We would never in our lives allow the government to place cameras or microphones in our homes or movement trackers in our clothes; instead we do it voluntarily, because - let's face it - we really want to see this sweet cat video.
Source (German) and more info:
https://www.epochtimes.de/genial/tech/datensicherheit-das-wissen-google-facebook-und-microsoft-wirklich-ueber-sie-a2885439.html
#google #facebook #microsoft #data #privacy #why
A Look Back At 25 Years Of Digital Advertising
Advertising has always found a way to adapt to the medium. But the introduction of the "World Wide Web" in 1991 truly changed everything - providing advertisers with an unprecedented opportunity to flex their creative chops. Within a few years, new and entirely different types of ads began to, quite literally, pop up.
PDF:
https://www.cmo.com/content/dam/CMO_Other/articles/CMOinfographic.pdf
Article:
https://www.cmo.com/features/articles/2019/3/19/25-years-of-digital.html#gs.cig5lu
German:
https://t.me/cRyPtHoN_INFOSEC_DE/3032
#advertising #ads #history #pdf