Forwarded from BlackBox (Security) Archiv
2020-DOD-CHINA-MILITARY-POWER-REPORT-FINAL.PDF
6.9 MB
Military and Security Developments Involving the People's Republic of China 2020
Annual Report to Congress - A Report to Congress Pursuant to the National Defense Authorization Act for Fiscal Year 2000, as Amended.
(PDF):
https://media.defense.gov/2020/Sep/01/2002488689/-1/-1/1/2020-DOD-CHINA-MILITARY-POWER-REPORT-FINAL.PDF
China "eyes four African nations for military bases":
https://citinewsroom.com/2020/09/china-eyes-four-african-nations-for-military-bases/
#dod #military #power #report #china #usa #afrika #pdf
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag
Forwarded from BlackBox (Security) Archiv
Your digital privacy is under attack. Can anything be done to protect it?
A committee from the Council of Europe is concerned with the use of technology for mass surveillance programs.
Intelligence services around the world should be kept in check by an international body with the power to make sure governments don't misuse personal data for surveillance purposes, said the Council of Europe's data protection committee chairs in a joint statement.
Countries should agree at an international level on the extent to which the surveillance carried out by intelligence services can be authorized and under which conditions, recommended the committee. The agreement should come as a legal tool that could be enforced independently by a data protection body that is yet to be created.
The European human rights organization said that calls for better data protection at an international level are especially relevant in times of crisis, when circumstances provide governments with an opportunity to lawfully restrict citizens' privacy rights.
https://www.zdnet.com/article/your-digital-privacy-is-under-attack-can-anything-be-done-to-protect-it
Better protecting individuals in the context of international data flows (PDF):
https://rm.coe.int/statement-schrems-ii-final-002-/16809f79cb
#digital #privacy #attack #data #flows #thinkabout #pdf
Forwarded from BlackBox (Security) Archiv
Fishing in the Piracy Stream: How the Dark Web of Entertainment is Exposing Consumers to Harm
Digital Citizens Investigation Finds Malware on Piracy Apps That Steal User Names and Passwords, Probe to Breach Networks, and Secretly Upload Data.
(PDF)
https://www.digitalcitizensalliance.org/clientuploads/directory/Reports/DCA_Fishing_in_the_Piracy_Stream_v6.pdf
Read as well:
Dark Web-Hosted Movies and Fake Apps Are Costing the US Movie and TV Industry Billions Every Year
http://tapeucwutvne7l5o.onion/dark-web-hosted-movies-and-fake-apps-are-costing-the-us-movie-and-tv-industry-billions-every-year
#darknet #darkweb #movies #piracy #report #pdf
Forwarded from BlackBox (Security) Archiv
Bitcoin Inventory Out-of-Memory Denial-of-Service Attack - Researcher kept a major Bitcoin bug secret for two years to prevent attacks
The INVDoS bug would have allowed attackers to crash Bitcoin nodes and other similar blockchains.
In 2018, a security researcher discovered a major vulnerability in Bitcoin Core, the software that powers the Bitcoin blockchain, but after reporting the issue and having it patched, the researcher opted to keep details private in order to avoid hackers exploiting the issue.
Technical details were published earlier this week after the same vulnerability was independently discovered in another cryptocurrency, based on an older version of the Bitcoin code that hadn't received the patch.
Called INVDoS, the vulnerability is a classic denial-of-service (DoS) attack. While in many cases, DoS attacks are harmless, they are not for internet-reachable systems, which need to have stable uptime in order to process transactions.
INVDoS was discovered in 2018 by Braydon Fuller, a Bitcoin protocol engineer. Fuller found that an attacker could create malformed Bitcoin transactions that, when processed by Bitcoin blockchain nodes, would lead to uncontrolled consumption of the server's memory resources, which would eventually crash impacted systems.
CVE-2018-17145: Bitcoin Inventory Out-of-Memory Denial-of-Service Attack (PDF)
https://invdos.net/paper/CVE-2018-17145.pdf
https://www.zdnet.com/article/researcher-kept-a-major-bitcoin-bug-secret-for-two-years-to-prevent-attacks
#researcher #bitcoin #bug #INVDoS #pdf
Forwarded from BlackBox (Security) Archiv
Welcome to the quantum Internet, with privacy guaranteed by the laws of physics
Quantum computing is gradually moving from the realm of science – and even science fiction – to become a practical technology that is being used in real-life contexts.
Three years ago, Privacy News Online wrote about one aspect – the possibility that quantum computers will be able to unlock all of today's encryption, including the strongest. But increasingly, a more positive vision of quantum computing is emerging. It is centered around the creation of what is being called the quantum Internet.
That's just a shorthand way of saying a global network of quantum computers and other devices based on the physics of quantum mechanics, able to exchange information much as ordinary systems do across today's non-quantum Internet. But the quantum version has one crucial property that makes it of great importance for privacy: it offers a fundamentally secure way of communication in which privacy is guaranteed by the laws of physics.
That's because the quantum bits – qubits – that move across a quantum network link are subject to the observer effect: any attempt to monitor them as they traverse the network would modify them. As a result, it will be evident when things like encryption keys or data have been compromised en route. There is no way around this – it is an inherent property of quantum mechanical systems – which is why so many companies and governments are exploring how to create quantum networks and the quantum Internet.
https://www.privateinternetaccess.com/blog/welcome-to-the-quantum-internet-with-privacy-guaranteed-by-the-laws-of-physics/
(PDF)
https://www.energy.gov/sites/prod/files/2020/07/f76/QuantumWkshpRpt20FINAL_Nav_0.pdf
#quantum #internet #privacy #pdf
Forwarded from BlackBox (Security) Archiv
In China, smart locks are being used to track citizens and enforce lockdowns
Proprietary "smart" devices are an absolute nightmare. If users can't audit the code they don't know what they are doing and the device works for the tech company selling it rather than the user.
See here: https://moniotrlab.ccis.neu.edu/wp-content/uploads/2019/09/ren-imc19.pdf
On a really basic level think about the information someone can infer just by looking at data from devices like this:
Your door is opened and locked at 7:30 am every day and then reopened and unlocked at 6:30 pm but never during the hours in between? Chances are you ....
https://www.reddit.com/r/privacytoolsIO/comments/its9h7
#smart #locks #thinkabout #pdf
Forwarded from BlackBox (Security) Archiv
Brussels' plan to rein in Big Tech takes shape
The Commission is drawing up a list of actions tech companies can and can't do, especially for the most powerful.
The EU is preparing for its biggest-ever effort to regulate the tech industry – drawing up extensive rules to govern what tech companies can and cannot do.
Three European Commission internal documents, seen by POLITICO, indicate that Brussels is drawing up a wide range of legislative tools to prohibit what it sees as anti-competitive behavior and oblige companies to do more to protect their users against illegal content and activities.
"This crisis has shown the role and the systemic character of certain platforms that often behave as if they were too big to care about legitimate concerns about their roles: too big to care," Internal Market Commissioner Thierry Breton told the European Parliament this week, an apparent reference to "too big to fail," a criticism leveled at powerful banks after the 2008 financial crisis.
The Commission is expected to present its proposals, known collectively as the Digital Services Act (DSA), in December. The legislative package will include content moderation requirements applying to a wide range of online platforms, as well as so-called ex ante rules for the largest tech companies.
The plans come as Big Tech companies are under intense scrutiny on both sides of the Atlantic.
https://www.politico.eu/article/digital-services-act-brussels-plan-to-rein-in-big-tech-takes-shape-thierry-breton-margrethe-vestager/
(PDF)
https://www.politico.eu/wp-content/uploads/2020/09/SKM_C45820093011040.pdf
#eu #blacklist #bigtech #DSA #pdf
Forwarded from BlackBox (Security) Archiv
Internet history can be used for "reidentification" finds study by Mozilla
A recent research paper has reaffirmed that our internet history can be reliably used to identify us. The research was conducted by Sarah Bird, Ilana Segall, and Martin Lopatka from Mozilla and is titled: Replication: Why We Still Can't Browse in Peace: On the Uniqueness and Reidentifiability of Web Browsing Histories. The paper was released at the Symposium on Usable Privacy and Security and is a continuation of a 2012 paper that highlighted the same reidentifiability problem.
‼️ Just your internet history can be used to reidentify you on the internet ‼️
Using data from 52,000 consenting Firefox users, the researchers were able to identify 48,919 distinct browsing profiles which had 99% uniqueness.
This is especially concerning because internet history is routinely sold by your internet service provider (ISP) and mobile data provider to third party advertising and marketing firms which are demonstrably able to tie a list of sites back to an individual they already have a profile on – even if the ISP claims to be "anonymizing" the data being sold. This is a legally sanctioned activity ever since 2017 when Congress voted to get rid of broadband privacy and allow the monetization of this type of data collection.
This type of "history-based profiling" is undoubtedly being used to build ad profiles on internet users around the world. Previous studies have shown that an IP address usually stays static for about a month – which the researchers noted: "is more than enough time to build reidentifiable browsing profiles."
(PDF)
https://www.usenix.org/system/files/soups2020-bird.pdf
https://www.cozyit.com/internet-history-can-be-used-for-reidentification-finds-study-by-mozilla/
#mozilla #study #research #internet #history #reidentification #thinkabout #pdf
Forwarded from BlackBox (Security) Archiv
201103-3.pdf
659.5 KB
FBI: Hackers stole source code from US government agencies and private companies
FBI blames intrusions on improperly configured SonarQube source code management tools.
The Federal Bureau of Investigation has sent out a security alert warning that threat actors are abusing misconfigured SonarQube applications to access and steal source code repositories from US government agencies and private businesses.
Summary (PDF)
https://www.ic3.gov/Media/News/2020/201103-3.pdf
https://www.zdnet.com/article/fbi-hackers-stole-source-code-from-us-government-agencies-and-private-companies
#hacker #usa #fbi #SonarQube #sourcecode #pdf
Forwarded from BlackBox (Security) Archiv
mandiant-apt1-report.pdf
6.5 MB
APT1 - Exposing One of China's Cyber Espionage Units
(PDF)
https://www.fireeye.com/content/dam/fireeye-www/services/pdfs/mandiant-apt1-report.pdf
#apt1 #china #cyber #espionage #pdf