BlackBox (Security) Archiv
👉🏼 Latest viruses and malware threats
👉🏼 Latest patches, tips and tricks
👉🏼 Threats to security/privacy/democracy on the Internet

👉🏼 Find us on Matrix: https://matrix.to/#/!wNywwUkYshTVAFCAzw:matrix.org
U.S. judge blocks Twitter's bid to reveal government surveillance requests

Twitter Inc will not be able to reveal surveillance requests it received from the U.S. government after a federal judge accepted government arguments that this was likely to harm national security after a near six-year long legal battle.

The social media company had sued the U.S. Department of Justice in 2014 to be allowed to reveal, as part of its “Draft Transparency Report”, the surveillance requests it received. It argued its free-speech rights were being violated by not being allowed to reveal the details.

U.S. District Judge Yvonne Gonzalez Rogers granted the government’s request to dismiss Twitter’s lawsuit in an eleven page order filed in the U.S. District Court for Northern California.

The judge ruled on Friday that granting Twitter’s request “would be likely to lead to grave or imminent harm to the national security.”

“The Government’s motion for summary judgment is GRANTED and Twitter’s motion for summary judgment is DENIED,” the judge said in her order.

Twitter had sued the Justice Department in its battle with federal agencies as the internet industry’s self-described champion of free speech seeking the right to reveal the extent of U.S. government surveillance.

👉🏼 Read more:
https://www.reuters.com/article/us-usa-twitter-lawsuit/u-s-judge-blocks-twitters-bid-to-reveal-government-surveillance-requests-idUSKBN2200CS

#Twitter #USA #lawsuit #goverment #surveillance
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN
Access data of the World Health Organization - Bill-Gates Foundation - Wuhan Institute of Virology hacked ... 👀

‼️ World Health Organization
http://archive.is/JIJ2b

‼️ Bill-Gates Foundation
archive.is/j6sgo

‼️ Wuhan Institute of Virology
https://archive.is/UtQGz#selection-247.0-247.59

#hacked #WHO #BillGates #Wuhan
PrivacyBreacher

An app built to showcase the privacy issues in Android operating system

PrivacyBreacher is an Android app built as a proof of concept for a research article describing the privacy issues in Android. This app can access the following information from your phone without requesting any permissions:

‼️ Figure out at what time your phone screen turned on/off.

‼️ Figure out at what time you plugged in or removed your phone charger and wired headphones.

‼️ Figure out at what time you switched on/off your phone (i.e., it captures the device uptime and ACTION_SHUTDOWN broadcasts).

‼️ Access most of your device related information like your phone model, manufacturer etc.

‼️ Keep track of your WiFi/Mobile data usage.

‼️ Get a list of all the apps installed on your phone.

‼️ Construct a 3D visualization of your body movements.

💡 Research Article:
https://github.com/databurn-in/Android-Privacy-Issues

👉🏼 PrivacyBreacher:
https://github.com/databurn-in/PrivacyBreacher

#PrivacyBreacher #Android #App #thinkabout
How Facebook Figures Out Everyone You've Ever Met

‼️ Behind the Facebook profile you’ve built for yourself is another one, a shadow profile, built from the inboxes and smartphones of other Facebook users.

👉🏼 Read more:
https://gizmodo.com/how-facebook-figures-out-everyone-youve-ever-met-1819822691

#DeleteFacebook
Neo-Nazis Are Spreading a List of Emails and Passwords for Gates Foundation and WHO Employees

SITE Intelligence, a private terrorism watchdog based in the U.S., first spotted the data dump and then its migration to a Telegram channel with over 5,000 followers and links to neo-Nazi terrorist organizations Atomwaffen Division and The Base, both of which have been under an extreme, nationwide FBI crackdown in recent months.

Access data of the World Health Organization - Bill-Gates Foundation - Wuhan Institute of Virology hacked
👉🏼
https://t.me/BlackBox_Archiv/847

👉🏼 Read more:
https://www.vice.com/en_us/article/akwxzp/neo-nazis-are-spreading-a-list-of-emails-and-passwords-for-gates-foundation-and-who-employees

#hacked #WHO #BillGates #Wuhan
Bill Gates ID2020 Exposed

UPDATE: USAHACKERS Twitter and Facebook accounts have been suspended without Notice! We are trying to recover them.

While the Christian militia going by the name κατέχον did hack Gates Foundation servers and Marina Abramovic, we were the ones who leaked all the data from this initial hack.

What we uncovered from the data obtained from κατέχον’s hack is what compelled us to hack the World Health Organization, the Center for Disease Control, the National Institute of Health and the World Bank , and leak their data too. What we uncovered is pertinent right now as it is about the Covid-19 pandemic.

Included in our leaks are emails and passwords from the Wuhan Institute of Virology. We obtained the data much earlier, but we are still not sure who hacked the Institute. The κατέχον activists told us they did not hack the institute and were not aware it had been hacked. So for now, the hack on the Institute remains a mystery.

Due to the amount of information and files that can be obtained from our leaks, we hope that by making the leaks public, we will be able to crowdsource enough people to go through the numerous emails and files to uncover more pertinent information.

💡 Here are the archives:

WHO
https://archive.is/JIJ2b

World Bank
https://archive.is/0XJEL

Wuhan Virology Institute
https://archive.is/UtQGz

US CDC
https://archive.is/lyApN

NIH
https://archive.is/WkHpk

Gates Foundation
https://archive.is/j6sgo

👉🏼 Read more:
https://usahackers.com/2020/04/21/bill-gates-id2020-exposed/

#hacked #WHO #BillGates #Wuhan
Is Cloudflare safe yet? No.

Cloudflare is one of the Content Delivery Networks on the Internet. It’s responsible for serving at least 10% of websites, while also providing VPN and DNS resolver services.

Unfortunately, there are many issues with Cloudflare's services, which could have an impact on the stability and safety of the internet as a whole. There have been some major internet disruptions as a result.

💡 How is Cloudflare harmful?

Cloudflare is trying to centralize the internet

The internet was built upon foundations of decentralization. In a traditional scenario, many internet services are provided by completely different subjects.

👀 Cloudflare is:

‼️ Providing domain registration services
‼️ Providing DNS nameservers
‼️ Providing DNS resolvers
‼️ Proxying and decrypting website traffic
‼️ Providing NTP services
‼️ Providing VPN services

You might wonder, how exactly is this harmful? There are two main concerns - robustness and privacy.

Cloudflare's outages are impacting more and more services. Trusting a single company to do everything right and to have 100% stability and availability is never a good idea. They actively discourage combining the use of their services with services of other companies as well.
For example, if you register a domain with Cloudflare, you cannot use your own nameservers unless you pay for a Business or an Enterprise plan.

Having vast amounts of data at their disposal, Cloudflare can aggregate information from all of their various services to accurately pinpoint individual users as well.

👉🏼 Read more:
https://iscloudflaresafeyet.com

#Cloudflare #thinkabout
Google Just Gave Millions Of Users A Reason To Quit Chrome, Windows 10

Google is always improving Chrome and it recently issued a brilliant (if long overdue) upgrade. That said, there have also been some recent controversial changes, security problems and data concerns and now Google has detailed a serious new problem in Chrome which cannot be fixed. The result is users may find themselves forced to choose between Windows 10 and Chrome.

💡Edit: James Forshaw has clarified that Firefox is impacted the same way because it uses the Chromium sandbox which Mozilla confirms. The result is Forshaw's research exposes a vulnerability for the sandbox of all major browsers to updates in Windows 10. I have followed this up with Firefox, Opera, Brave and Microsoft and will update when I have more information.

In a fascinating post titled ‘You Won't Believe what this One Line Change Did to the Chrome Sandbox’, Google’s Project Zero researcher James Forshaw revealed that Chrome is entirely reliant on the code of Windows 10 to stay secure. Moreover, Forshaw explains a new Windows 10 update recently broke through Chrome’s security with just a single line of misplaced code. Given Windows 10’s appalling recent update record, that’s not reassuring for either browser or platform.

https://googleprojectzero.blogspot.com/2020/04/you-wont-believe-what-this-one-line.html

👉🏼 Read more:
https://www.forbes.com/sites/gordonkelly/2020/04/23/google-chrome-critical-security-exploit-windows-10-upgrade-warning-update-chrome-browser/

#exploit #windows #chrome #firefox #browser #sandbox
Analyzing Analytics (Featuring: The FBI)

Recently while conducting some research, I found myself down the path of Google Analytics ID’s as well as other analytics services. I was investigating ways to not only identify varying analytics code in sites, but to correlate them with other sites that may be linked to the same owner. Please note before further reading: I make some guesses about what I find, though that’s contrary to the concept of analysis, and I am not presuming to know definitively why I am seeing what I am seeing in this specific case study. It’s all just very curious to me. Dive in and take a look for yourself!

👉🏼 Read more:
https://exploits.run/analytics-analysis-fbi/

#FBI #analytics #analysis
Techno-Tyranny: How The US National Security State Is Using Coronavirus To Fulfill An Orwellian Vision

Last year, a government commission called for the US to adopt an AI-driven mass surveillance system far beyond that used in any other country in order to ensure American hegemony in artificial intelligence. Now, many of the “obstacles” they had cited as preventing its implementation are rapidly being removed under the guise of combating the coronavirus crisis.

Last year, a U.S. government body dedicated to examining how artificial intelligence can “address the national security and defense needs of the United States” discussed in detail the “structural” changes that the American economy and society must undergo in order to ensure a technological advantage over China, according to a recent document acquired through a FOIA request. This document suggests that the U.S. follow China’s lead and even surpass them in many aspects related to AI-driven technologies, particularly their use of mass surveillance. This perspective clearly clashes with the public rhetoric of prominent U.S. government officials and politicians on China, who have labeled the Chinese government’s technology investments and export of its surveillance systems and other technologies as a major “threat” to Americans’ “way of life.”

In addition, many of the steps for the implementation of such a program in the U.S., as laid out in this newly available document, are currently being promoted and implemented as part of the government’s response to the current coronavirus (Covid-19) crisis. This is likely due to the fact that many members of this same body have considerable overlap with the taskforces and advisors currently guiding the government’s plans to “re-open the economy” and efforts to use technology to respond to the current crisis.

👉🏼 Read more:
https://www.thelastamericanvagabond.com/top-news/techno-tyranny-how-us-national-security-state-using-coronavirus-fulfill-orwellian-vision/

#USA #National #Security #State #coronavirus #orwell #thinkabout
The Cameras in Your Car May Be Harvesting Data as You Drive
Safety system sensors in modern cars are collecting data about the road on behalf of the company that makes them

If you drive a newer car, it’s likely to have at least one built-in camera or sensor that powers important safety systems such as automatic emergency braking (AEB) and blind spot warning (BSW), or that makes driving easier with assistance features such as adaptive cruise control and lane centering. Most of the software and algorithms that control those systems were developed by Mobileye.

https://www.consumerreports.org/automotive-technology/the-cameras-in-your-car-may-be-harvesting-data-as-you-drive/

#data #harvesting #cars #cameras #algorithms #surveillance #thinkabout #Mobileye
What does Big Brother see, while he is watching? - Uncovering images from the secret Stasi archives

In the past years there has been a lot of discussion on the topic of state sponsored surveillance. But hardly any material can be accessed to support the general debate due to vaguely declared security concerns. So we are debating Big Brother with little knowledge about what he actually sees, while he is watching. Over the course of three years, I was able to research the archives left by East Germany's Stasi to look for visual memories of this notorious surveillance system and more recently I was invited to spend some weeks looking at the archive by the Czechoslovak StB.

https://media.ccc.de/v/32c3-7209-what_does_big_brother_see_while_he_is_watching

#CCC #32c3 #stasi #BigBrother #surveillance #why #thinkabout
Exploiting (Almost) Every Antivirus Software

Summary

Antivirus software is supposed to protect you from malicious threats, but what if that protection could be silently disabled before a threat can even be neutralized? What if that protection could be manipulated to perform certain file operations that would allow the operating system to be compromised or simply rendered unusable by an attacker?

RACK911 Labs has come up with a unique but simple method of using directory junctions (Windows) and symlinks (macOS & Linux) to turn almost every antivirus software into self-destructive tools.

Method of Exploitation
Most antivirus software works in a similar fashion: When an unknown file is saved to the hard drive, the antivirus software will usually perform a “real time scan” either instantly or within a couple of minutes. If the unknown file is determined to be a suspected threat, the file will then be automatically quarantined and moved to a secure location pending further user instructions or it will simply be deleted.

Given the nature of how antivirus software has to operate, almost all of them run in a privileged state meaning the highest level of authority within the operating system. Therein lies a fundamental flaw as the file operations are (almost) always performed at the highest level which opens the door to a wide range of security vulnerabilities and various race conditions.

What most antivirus software fail to take into consideration is the small window of time between the initial file scan that detects the malicious file and the cleanup operation that takes place immediately after. A malicious local user or malware author is often able to perform a race condition via a directory junction (Windows) or a symlink (Linux & macOS) that leverages the privileged file operations to disable the antivirus software or interfere with the operating system to render it useless, etc.

👉🏼 Read more:
https://www.rack911labs.com/research/exploiting-almost-every-antivirus-software/

#exploiting #antivirus #RACK911
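The gap between scan and cleanup described in the RACK911 post above, seen from the defender's side, as an added example that is not part of the original post or RACK911's code: POSIX C in which cleanup acts only through a directory descriptor pinned at scan time and only on the inode that was scanned. The function names and the temp-directory layout (drop, keep, sample) are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Identity captured at scan time: pinned directory fd plus the file's inode. */
struct scanned { int dirfd; dev_t dev; ino_t ino; char name[64]; };

/* Scan step: pin the directory and open the file without following a symlink
   in the final path component (parent components are assumed trusted here). */
int scan_file(const char *dir, const char *name, struct scanned *s) {
    struct stat st;
    s->dirfd = open(dir, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
    if (s->dirfd < 0) return -1;
    int fd = openat(s->dirfd, name, O_RDONLY | O_NOFOLLOW);
    int ok = fd >= 0 && fstat(fd, &st) == 0 && S_ISREG(st.st_mode);
    if (fd >= 0) close(fd);
    if (!ok) { close(s->dirfd); return -1; }
    s->dev = st.st_dev;
    s->ino = st.st_ino;
    snprintf(s->name, sizeof s->name, "%s", name);
    return 0;
}

/* Cleanup step: never re-resolve the path. Check that the entry in the pinned
   directory is still the scanned regular file, then unlink relative to that
   directory. unlinkat() removes a name and never follows a symlink, so a
   late swap of the entry cannot redirect it outside the pinned directory. */
int remove_scanned(struct scanned *s) {
    struct stat st;
    int rc = -1;
    if (fstatat(s->dirfd, s->name, &st, AT_SYMLINK_NOFOLLOW) == 0 &&
        S_ISREG(st.st_mode) && st.st_dev == s->dev && st.st_ino == s->ino)
        rc = unlinkat(s->dirfd, s->name, 0);
    close(s->dirfd);
    return rc;
}

static void touch(const char *p) {
    int fd = open(p, O_CREAT | O_WRONLY, 0600);
    if (fd >= 0) close(fd);
}

/* Constructed scenario in a fresh temp dir: after the scan, "drop" is replaced
   by a symlink to "keep". Returns 1 if keep/sample still exists afterwards. */
int demo_protected_file_survives(int hardened) {
    char base[] = "/tmp/avraceXXXXXX";
    char drop[128], keep[128], victim[128], target[128], moved[128];
    struct scanned s;
    struct stat st;
    if (!mkdtemp(base)) return -1;
    snprintf(drop, sizeof drop, "%s/drop", base);
    snprintf(keep, sizeof keep, "%s/keep", base);
    snprintf(target, sizeof target, "%s/drop/sample", base);
    snprintf(victim, sizeof victim, "%s/keep/sample", base);
    snprintf(moved, sizeof moved, "%s/drop.old", base);
    mkdir(drop, 0700);
    mkdir(keep, 0700);
    touch(target);
    touch(victim);
    if (scan_file(drop, "sample", &s) != 0) return -1;
    rename(drop, moved);            /* the directory changes under the scanner */
    symlink(keep, drop);
    if (hardened) remove_scanned(&s);            /* acts on the pinned directory */
    else { close(s.dirfd); unlink(target); }     /* path-based: follows the link */
    return stat(victim, &st) == 0;
}

int main(void) {
    printf("hardened cleanup, protected file survives: %d\n", demo_protected_file_survives(1));
    printf("path-based cleanup, protected file survives: %d\n", demo_protected_file_survives(0));
    return 0;
}
```

Each run leaves its small temp directory under /tmp for inspection.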
Wormable BUG!

Just by sending an innocent-looking image, #remote #attackers could've taken over an organization's entire roster of #Microsoft Teams' #accounts. (Patch Released)

👉🏼 Read more:
https://thehackernews.com/2020/04/microsoft-teams-vulnerability.html

#wormable #bug #attackers #hack
Hacking health

About hacking wheelchairs, building custom bicycles, adapters to use e-scooters as outboard motors: Empowering people with disabilities or healthcare needs through Open Hardware. Presentation on experiences and lessons learned in collecting and co-creating open personalized DIY healthcare solutions for replicability and adaptability in Makerspace worldwide.

https://vid.lelux.fi/videos/watch/5c2b56de-5e0c-4e9a-a299-52b2547c27cb

#CCC #36C3 #hacking #health #wheelchairs #video
Chinese internet users who uploaded coronavirus memories to GitHub have been arrested

This story has been updated with comment from volunteers behind a GitHub page.

A group of volunteers in China who worked to prevent digital records of the coronavirus outbreak from being scrubbed by censors are now targets of a crackdown.

Cai Wei, a Beijing-based man who participated in one such project on GitHub, the software development website, was arrested together with his girlfriend by Beijing police on April 19. The couple were accused of “picking quarrels and provoking trouble,” a commonly used charge against dissidents in China, according to Chen Kun, the brother of Chen Mei, another volunteer involved with the project. Chen Mei has been missing since that same day. On April 24, the couple’s families received a police notice that informed them of the charge, and said the two have been put under “residential surveillance at a designated place.” There is still no information about Chen Mei, said his brother.

It is unclear whether the arrest of the couple and the disappearance of Chen are directly linked to their GitHub project, named “Terminus2049.” The Beijing police could not be reached for comment.

👉🏼 Read more:
https://qz.com/1846277/china-arrests-users-behind-github-coronavirus-memories-page/

#China #coronavirus #GitHub #arrested
PhantomLance spying campaign breaches Google Play security

The four-year-long attack wave has been connected to dozens of malicious apps found in app stores.

Kaspersky has warned of an ongoing campaign in which malicious apps hosted by Google Play are covertly spying and stealing Android user data.

On Tuesday, cybersecurity researchers said the campaign, dubbed PhantomLance, has been active for at least four years and is ongoing.

According to the team, "dozens" of malicious apps connected to PhantomLance and harboring a new Trojan have been discovered in Google Play, the tech giant's official Android mobile application repository. In addition, malicious apps have also been found on the APK download site APKpure.

Back in July 2019, the Doctor Web team published research on a new Trojan buried in an application on Google Play that masqueraded as an OpenGL Plugin.

Once launched, the malicious app simulates a check for new versions of OpenGL ES, but actually installs a backdoor and begins exfiltrating user information.

👉🏼 Read more:
https://www.zdnet.com/article/phantomlance-spying-campaign-breaches-google-play-security/

#phantomlance #google #play #malicious #apps #security #breach
Leaked pics from Amazon Ring show potential new surveillance features

Amazon wouldn't be the first consumer company to do it, but it would be the biggest.

Amazon subsidiary Ring, which has partnerships with almost 1,200 law enforcement agencies nationwide, does not currently include facial recognition or license plate scanning tools in its home surveillance line of consumer products. The company appears to be evaluating the feature feasibility of adding both tools, however, raising additional privacy concerns for its pervasive platform.

Ring last week distributed a confidential survey to beta testers weighing sentiment and demand for several potential new features in future versions of its software. According to screenshots shared with Ars, potential new features for Ring include options for enabling or disabling the camera both physically and remotely, both visual and audible alarms to ward off "would-be criminals," and potential object, facial, and license plate detection.

Such surveys usually include options a company is considering offering, though not necessarily actively planning to implement. The source who shared the survey with Ars, who asked not to be identified for fear of retaliation, described these options as the "most troubling" of a much larger set of potential features described in the survey.

👉🏼 Read more:
https://arstechnica.com/tech-policy/2020/04/ring-cameras-may-someday-scan-license-plates-and-faces-leak-shows/

#DeleteAmazon #ring #cameras #surveillance #thinkabout
Two Usenet providers blame data breaches on partner company

Remember Usenet?

Two companies that provide Usenet services have disclosed security breaches today. The two companies, UseNeXT and Usenet.nl, blamed the breaches on "a security vulnerability at a partner company."

Neither UseNeXT nor Usenet.nl have named the third-party company whose software enabled the intrusion. It is unclear if this is referring to a Usenet desktop client or a server-side service.

Both Usenet providers have now shut down their websites to investigate the breach.

According to a near-identical message posted on both sites [1, 2], the two companies say the intruder gained access to information such as names, billing addresses, payment details (IBAN and account number), and other information users provided during the process of creating an account on the two websites.

👉🏼 Read more:
https://www.zdnet.com/article/two-usenet-providers-blame-data-breaches-on-partner-company/

#usenet #breach #UseNeXT #Usenetnl
Would You Have Fallen for This Phone Scam?

You may have heard that today’s phone fraudsters like to use caller ID spoofing services to make their scam calls seem more believable. But you probably didn’t know that these fraudsters also can use caller ID spoofing to trick your bank into giving up information about recent transactions on your account — data that can then be abused to make their phone scams more believable and expose you to additional forms of identity theft.

Last week, KrebsOnSecurity told the harrowing tale of a reader (a security expert, no less) who tried to turn the tables on his telephonic tormentors and failed spectacularly. In that episode, the people impersonating his bank not only spoofed the bank’s real phone number, but they were also pretending to be him on a separate call at the same time with his bank.

This foiled his efforts to make sure it was really his bank that called him, because he called his bank with another phone and the bank confirmed they currently were in a separate call with him discussing fraud on his account (however, the other call was the fraudster pretending to be him).

Shortly after that story ran, I heard from another reader — we’ll call him “Jim” since he didn’t want his real name used for this story — whose wife was the target of a similar scam, albeit with an important twist: The scammers were armed with information about a number of her recent financial transactions, which he claims they got from the bank’s own automated phone system just by spoofing her phone number.

👉🏼 Read more:
https://krebsonsecurity.com/2020/04/would-you-have-fallen-for-this-phone-scam/

#phone #scam #KrebsOnSecurity