Forwarded from cRyPtHoNβ’ INFOSEC (EN)
[Update: Official statement] Evidence points to a Play Store ad fraud scheme by Chinese Baidu spin-off DO Global
For a long time, the Play Store could be considered the wild west of app distribution, especially compared to Apple's inherently more restrictive App Store. Google is working on improvements though and is becoming more stringent on app permissions, among other things. Still, we're back with another ad fraud scheme right inside the Store, following in the footsteps of last year's Cheetah Mobile investigation. Another Chinese app developer, DO Global, is alleged to have added code in its apps that automatically clicks on ads without users' knowledge.
https://www.androidpolice.com/2019/04/29/evidence-points-to-a-play-store-ad-fraud-scheme-by-chinese-baidu-spin-off-do-global/
#deletegoogle #deletegoogleplay
π‘@cRyPtHoN_INFOSEC_ES
π‘@cRyPtHoN_INFOSEC_DE
π‘@cRyPtHoN_INFOSEC_EN
For a long time, the Play Store could be considered the wild west of app distribution, especially compared to Apple's inherently more restrictive App Store. Google is working on improvements though and is becoming more stringent on app permissions, among other things. Still, we're back with another ad fraud scheme right inside the Store, following in the footsteps of last year's Cheetah Mobile investigation. Another Chinese app developer, DO Global, is alleged to have added code in its apps that automatically clicks on ads without users' knowledge.
https://www.androidpolice.com/2019/04/29/evidence-points-to-a-play-store-ad-fraud-scheme-by-chinese-baidu-spin-off-do-global/
#deletegoogle #deletegoogleplay
π‘@cRyPtHoN_INFOSEC_ES
π‘@cRyPtHoN_INFOSEC_DE
π‘@cRyPtHoN_INFOSEC_EN
Forwarded from Rahul Patel
AuroraStore_3.0.4_fallback.apk
6 MB
Fallback build with Yalp's Token Dispenser, while I fix mine !
Librem One by Purism Wants to Help De-Google Your Life
https://www.omgubuntu.co.uk/2019/04/purism-privacy-android-ios-apps
https://librem.one
#librem #libremone #alternatives
https://www.omgubuntu.co.uk/2019/04/purism-privacy-android-ios-apps
https://librem.one
#librem #libremone #alternatives
OMG! Ubuntu!
Librem One Campaign Will De-Google Your Life for $7.99/m
Purism announce a suite of privacy focused mobile apps for Android and iOS devices, including a encrypted VPN and chat client, and a private e-mail service.
Forwarded from cRyPtHoNβ’ INFOSEC (EN)
Not Managing Open Source Opens Door for Hackers
Organizations continue to face challenges with managing open source risk, according to a new report published today by published today by Synopsys Cybersecurity Research Center (CyRC).
The annual Open Source Security and Risk Analysis (OSSRA) Report, analyzed the anonymized data of over 1,200 commercial codebases from 2018 and found that 96% contained open source components, with an average of 298 open source components per codebase. The results reflect an increase from the number of codebases in 2017, which was only 257.
https://www.infosecurity-magazine.com/news/not-managing-open-source-opens-1/
Read Via Telegram
π‘@cRyPtHoN_INFOSEC_ES
π‘@cRyPtHoN_INFOSEC_DE
π‘@cRyPtHoN_INFOSEC_EN
Organizations continue to face challenges with managing open source risk, according to a new report published today by published today by Synopsys Cybersecurity Research Center (CyRC).
The annual Open Source Security and Risk Analysis (OSSRA) Report, analyzed the anonymized data of over 1,200 commercial codebases from 2018 and found that 96% contained open source components, with an average of 298 open source components per codebase. The results reflect an increase from the number of codebases in 2017, which was only 257.
https://www.infosecurity-magazine.com/news/not-managing-open-source-opens-1/
Read Via Telegram
π‘@cRyPtHoN_INFOSEC_ES
π‘@cRyPtHoN_INFOSEC_DE
π‘@cRyPtHoN_INFOSEC_EN
/e/
A pro-privacy Android ROM and online services
https://gitlab.e.foundation/e/wiki/en/wikis/e-product-description-pro-privacy-Android-ROM-and-online-services
@mydataismydata
https://e.foundation
Analysis of /e/ by infosec-handbook:
https://infosec-handbook.eu/blog/e-foundation-first-look
Response by GaΓ«l Duval:
https://hackernoon.com/leaving-apple-google-how-is-e-actually-google-free-1ba24e29efb9
Another critic: ewwlo.xyz
#e #/e/ #rom #services
A pro-privacy Android ROM and online services
https://gitlab.e.foundation/e/wiki/en/wikis/e-product-description-pro-privacy-Android-ROM-and-online-services
@mydataismydata
https://e.foundation
Analysis of /e/ by infosec-handbook:
https://infosec-handbook.eu/blog/e-foundation-first-look
Response by GaΓ«l Duval:
https://hackernoon.com/leaving-apple-google-how-is-e-actually-google-free-1ba24e29efb9
Another critic: ewwlo.xyz
#e #/e/ #rom #services
Goolag adds buttons for a false sense of security
Introducing auto-delete controls for your Location History and activity data
https://www.blog.google/technology/safety-security/automatically-delete-data/
#google #location #history
Introducing auto-delete controls for your Location History and activity data
https://www.blog.google/technology/safety-security/automatically-delete-data/
#google #location #history
Google
Introducing auto-delete controls for your Location History and activity data
New auto-delete controls to manage your account data.
A doorbell company owned by Amazon wants to start producing βcrime newsβ and itβll definitely end well
Because what good is a panopticon if you canβt generate some clicks?
With "Ring" Amazon manufactures intercoms with video function. So far, so good. Now the company wants to turn the recorded material directly and indirectly into money and is setting up its own media department. This department will probably process the most exciting recordings in the well-known reality TV style and bring them to the people with a "journalistic" touch. Practical side effect: Ring has a suitable offer for those who are afraid of the videos.
https://www.niemanlab.org/2019/04/a-doorbell-company-owned-by-amazon-wants-to-start-producing-crime-news-and-itll-definitely-end-well/
The Doorbell Company Thatβs Selling Fear: Amazon-owned Ring is hiring editors to push local crime news to its users
https://www.theatlantic.com/ideas/archive/2019/05/amazon-owned-ring-wants-report-crime-news/588394/
π‘ @NoGoolag
#Ring #amazon #DeleteAmazon #doorbell #crimenews #realityTV #why
Because what good is a panopticon if you canβt generate some clicks?
With "Ring" Amazon manufactures intercoms with video function. So far, so good. Now the company wants to turn the recorded material directly and indirectly into money and is setting up its own media department. This department will probably process the most exciting recordings in the well-known reality TV style and bring them to the people with a "journalistic" touch. Practical side effect: Ring has a suitable offer for those who are afraid of the videos.
https://www.niemanlab.org/2019/04/a-doorbell-company-owned-by-amazon-wants-to-start-producing-crime-news-and-itll-definitely-end-well/
The Doorbell Company Thatβs Selling Fear: Amazon-owned Ring is hiring editors to push local crime news to its users
https://www.theatlantic.com/ideas/archive/2019/05/amazon-owned-ring-wants-report-crime-news/588394/
π‘ @NoGoolag
#Ring #amazon #DeleteAmazon #doorbell #crimenews #realityTV #why
Nieman Lab
A doorbell company owned by Amazon wants to start producing βcrime newsβ and itβll definitely end well
Because what good is a panopticon if you can't generate some clicks?
Forwarded from cRyPtHoNβ’ INFOSEC (EN)
Criminals are hiding in Telegram β but backdoors are not the answer
When it comes to an easy life, the criminals behind the fearful Anubis banking malware have become big fans of Twitter and, increasingly, the secure messaging of Telegram.
Thereβs nothing new in malware piggybacking on popular services but why Twitter and Telegram, and is the recent migration to secure messaging significant?
https://nakedsecurity.sophos.com/2019/05/03/criminals-are-hiding-in-telegram-but-backdoors-are-not-the-answer/
Read Via Telegram
π‘@cRyPtHoN_INFOSEC_ES
π‘@cRyPtHoN_INFOSEC_DE
π‘@cRyPtHoN_INFOSEC_EN
When it comes to an easy life, the criminals behind the fearful Anubis banking malware have become big fans of Twitter and, increasingly, the secure messaging of Telegram.
Thereβs nothing new in malware piggybacking on popular services but why Twitter and Telegram, and is the recent migration to secure messaging significant?
https://nakedsecurity.sophos.com/2019/05/03/criminals-are-hiding-in-telegram-but-backdoors-are-not-the-answer/
Read Via Telegram
π‘@cRyPtHoN_INFOSEC_ES
π‘@cRyPtHoN_INFOSEC_DE
π‘@cRyPtHoN_INFOSEC_EN
Forwarded from cRyPtHoNβ’ INFOSEC (EN)
ACLU: Border Agents Violate Constitution When They Search Electronic Devices
The American Civil Liberties Union says it has uncovered new evidence that federal border agents are violating the Constitution when they search travelers' electronic devices.
The ACLU, along with the Electronic Frontier Foundation, sued the federal government in 2017, alleging that its "warrantless and suspicionless searches" of electronic devices at the U.S. ports of entry violated the First and Fourth amendments. Lawyers now say that, through depositions of border agents, they have learned that the scope of the warrantless searches has expanded far beyond the mere enforcement of immigration and customs laws.
https://www.npr.org/2019/05/02/719337356/aclu-border-agents-violate-constitution-when-they-search-electronic-devices
Read Via Telegram
π‘@cRyPtHoN_INFOSEC_ES
π‘@cRyPtHoN_INFOSEC_DE
π‘@cRyPtHoN_INFOSEC_EN
The American Civil Liberties Union says it has uncovered new evidence that federal border agents are violating the Constitution when they search travelers' electronic devices.
The ACLU, along with the Electronic Frontier Foundation, sued the federal government in 2017, alleging that its "warrantless and suspicionless searches" of electronic devices at the U.S. ports of entry violated the First and Fourth amendments. Lawyers now say that, through depositions of border agents, they have learned that the scope of the warrantless searches has expanded far beyond the mere enforcement of immigration and customs laws.
https://www.npr.org/2019/05/02/719337356/aclu-border-agents-violate-constitution-when-they-search-electronic-devices
Read Via Telegram
π‘@cRyPtHoN_INFOSEC_ES
π‘@cRyPtHoN_INFOSEC_DE
π‘@cRyPtHoN_INFOSEC_EN
Tutanota launches Secure Connect, an encrypted contact form, to support Press Freedom. Secure Connect is an open source encrypted communication tool which lets people communicate with the representative of a website securely and anonymously.
https://tutanota.com/blog/posts/tutanota-launches-secure-connect-encrypted-contact-form
#secureconnect #tutanota #press
https://tutanota.com/blog/posts/tutanota-launches-secure-connect-encrypted-contact-form
#secureconnect #tutanota #press
Tutanota
Tutanota launches Secure Connect, an encrypted contact form, to support Press Freedom
Secure Connect is an open source encrypted communication tool which lets people communicate with the representative of a website securely and anonymously.
https://www.bleepingcomputer.com/news/software/firefox-addons-being-disabled-due-to-an-expired-certificate/
#ff
#ff
BleepingComputer
Firefox Addons Being Disabled Due to an Expired Certificate
Mozilla Firefox users are discovering that all of their addons were suddenly disabled. It turns out that this is being caused by an expired intermediary certificate used to sign Mozilla addons.
If you are having issues with extensions in your Firefox getting disabled, there was an issue with the signing certificate of Mozilla. They have already sent out a patch for that, but it requires you to enable Studies (privacy issue!!).
To bypass that, you can install the patch directly from the link below
https://storage.googleapis.com/moz-fx-normandy-prod-addons/extensions/hotfix-update-xpi-intermediate%40mozilla.com-1.0.2-signed.xpi
ββββββ
Sources
[0] https://news.ycombinator.com/item?id=19826903
[1] https://blog.mozilla.org/addons/2019/05/04/update-regarding-add-ons-in-firefox/comment-page-6/#comment-226171
[2] https://normandy.cdn.mozilla.net/api/v1/recipe/
To bypass that, you can install the patch directly from the link below
https://storage.googleapis.com/moz-fx-normandy-prod-addons/extensions/hotfix-update-xpi-intermediate%40mozilla.com-1.0.2-signed.xpi
ββββββ
Sources
[0] https://news.ycombinator.com/item?id=19826903
[1] https://blog.mozilla.org/addons/2019/05/04/update-regarding-add-ons-in-firefox/comment-page-6/#comment-226171
[2] https://normandy.cdn.mozilla.net/api/v1/recipe/
Mozilla Add-ons Blog
Add-ons disabled or failing to install in Firefox
Incident summary Updates - Last updated 14:35 PST May 14, 2019. We expect this to be our final update. If you are running ...
Alternative way:
Go to: https://normandy.cdn.mozilla.net/api/v1/recipe/
there, search "Update XPI signing intermediate" and you find the
Go to: https://normandy.cdn.mozilla.net/api/v1/recipe/
there, search "Update XPI signing intermediate" and you find the
addonUrl
parameter with the link to the XPIAurora Store
Aurora Store is an UnOfficial FOSS client to Google's Play Store, with an elegant design, using Aurora you can download apps,
update existing apps, search for apps, get details about in-app trackers and much more.
You can also Spoof your Device Information, Language and Region to get access to the apps that are not yet available
or restricted in your Country|Device.
Aurora Store does not require Google's Proprietary Framework (Spyware ?) to operate, it works perfectly fine with
or without GooglePlayService or MicroG. Thereby avoding the various concerned *userdata & privacy issues.
π Readme
https://gitlab.com/AuroraOSS/AuroraStore/blob/master/README.md
π£ Telegram Group:
t.me/AuroraSupport
π‘ Releases Channel:
t.me/AuroraOfficial
XDA:
https://forum.xda-developers.com/android/apps-games/galaxy-playstore-alternative-t3739733
4PDA
https://4pda.ru/forum/index.php?showtopic=887569
β¬οΈ Downloads:
- Join the telegram group for the most recent alpha and beta builds
F-Droid
https://f-droid.org/app/com.aurora.store
XDA Labs
https://labs.xda-developers.com/store/app/com.aurora.store
Nightly builds
(Not recomended for daily use)
http://auroraoss.com/Nightly
π How to use GeoSpoof to download apps that are not available in your region
https://telegra.ph/Aurora-Store-GeoSpoof-08-13
π Translations:
https://poeditor.com/join/project/54swaCpFXJ
β¨οΈ Source Code:
https://gitlab.com/AuroraOSS/AuroraStore
π‘ @NoGoolag
#aurora #store #playstore #alternative #yalp
Aurora Store is an UnOfficial FOSS client to Google's Play Store, with an elegant design, using Aurora you can download apps,
update existing apps, search for apps, get details about in-app trackers and much more.
You can also Spoof your Device Information, Language and Region to get access to the apps that are not yet available
or restricted in your Country|Device.
Aurora Store does not require Google's Proprietary Framework (Spyware ?) to operate, it works perfectly fine with
or without GooglePlayService or MicroG. Thereby avoding the various concerned *userdata & privacy issues.
π Readme
https://gitlab.com/AuroraOSS/AuroraStore/blob/master/README.md
π£ Telegram Group:
t.me/AuroraSupport
π‘ Releases Channel:
t.me/AuroraOfficial
XDA:
https://forum.xda-developers.com/android/apps-games/galaxy-playstore-alternative-t3739733
4PDA
https://4pda.ru/forum/index.php?showtopic=887569
β¬οΈ Downloads:
- Join the telegram group for the most recent alpha and beta builds
F-Droid
https://f-droid.org/app/com.aurora.store
XDA Labs
https://labs.xda-developers.com/store/app/com.aurora.store
Nightly builds
(Not recomended for daily use)
http://auroraoss.com/Nightly
π How to use GeoSpoof to download apps that are not available in your region
https://telegra.ph/Aurora-Store-GeoSpoof-08-13
π Translations:
https://poeditor.com/join/project/54swaCpFXJ
β¨οΈ Source Code:
https://gitlab.com/AuroraOSS/AuroraStore
π‘ @NoGoolag
#aurora #store #playstore #alternative #yalp
GitLab
README.md Β· master Β· Aurora OSS / AuroraStore Β· GitLab
An unofficial FOSS client to Google Play.
Magisk developer John Wu picks up internship at Apple
Among Android root and ROM enthusiasts, the name John Wu is well-known, being attached to the developer responsible for Magisk. Wu's systemless root solution has had a blistering development pace, repeatedly beating Google when it comes to the cat and mouse game imposed by SafetyNet and other system changes. But today the 23-year-old developer has announced a surprising career move: He's going to be an intern at Apple for the next four months.
It's fairly astounding that Google didn't try to snap him up, given both his deep familiarity with the platform and his well-recognized status among the Android enthusiast development community. Google's loss is Apple's gain, though.
https://www.androidpolice.com/2019/05/04/magisk-developer-john-wu-picks-up-internship-at-apple/
π‘@cRyPtHoN_INFOSEC_ES
π‘@cRyPtHoN_INFOSEC_DE
π‘@cRyPtHoN_INFOSEC_EN
Among Android root and ROM enthusiasts, the name John Wu is well-known, being attached to the developer responsible for Magisk. Wu's systemless root solution has had a blistering development pace, repeatedly beating Google when it comes to the cat and mouse game imposed by SafetyNet and other system changes. But today the 23-year-old developer has announced a surprising career move: He's going to be an intern at Apple for the next four months.
It's fairly astounding that Google didn't try to snap him up, given both his deep familiarity with the platform and his well-recognized status among the Android enthusiast development community. Google's loss is Apple's gain, though.
https://www.androidpolice.com/2019/05/04/magisk-developer-john-wu-picks-up-internship-at-apple/
π‘@cRyPtHoN_INFOSEC_ES
π‘@cRyPtHoN_INFOSEC_DE
π‘@cRyPtHoN_INFOSEC_EN
Please vote NO in this poll from @itsrevengeos / @RevengeOSNews
All roms should be spyware free.
Let masochism be opt-in, not by default.
All roms should be spyware free.
Let masochism be opt-in, not by default.
Forwarded from Zhenxiang Chen