Breaking: USA bans WeChat and TikTok from the Google Play Store and Apple App Store

Starting from September 20, 2020

The US Commerce Department has announced prohibitions banning people in the US from downloading TikTok and WeChat in reponse to a pair of executive orders signed by US President Donald Trump in August.

In a press release on the matter, the US Department of Commerce noted: “The Chinese Communist Party (CCP) has demonstrated the means and motives to use these apps to threaten the national security, foreign policy, and the economy of the U.S. Today’s announced prohibitions, when combined, protect users in the U.S. by eliminating access to these applications and significantly reducing their functionality.”

Speaking on the matter, US Department of Commerce Secretary, Wilbur Ross, was quoted saying, “Today’s actions prove once again that President Trump will do everything in his power to guarantee our national security and protect Americans from the threads of the Chinese Communist Party…At the President’s direction, we have taken significant action to combat China’s malicious collection of American citizens’ personal data, while promoting our national values, democratic rules-based norms, and aggressive enforcement of U.S. laws and regulations.”

The new prohibitions on TikTok and WeChat will go into effect on September 20th, 2020. As part of the new directive, the following transactions are prohibited:

1. Any provision of service to distribute or maintain the WeChat or TikTok mobile applications, constituent code, or application updates through an online mobile application store in the U.S.

2. Any provision of services through the WeChat mobile application for the purpose of transferring funds or processing payments within the U.S.

👀 👉🏼 https://www.xda-developers.com/usa-bans-wechat-tiktok-google-play-store-apple-app-store/

#usa #ban #tiktok #wechat #DeleteTikTok #bytedance
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Cloudflare and Internet Archive team up to make sure websites never fully go offline

Websites that use Cloudflare Always Online can have their URLs automatically archived with Wayback Machine.

Cloudflare and Internet Archive have joined forces to archive more of the public web, touting it would make the web more reliable.

As part of this joint effort, websites that use Cloudflare's Always Online service will be able to allow the web infrastructure company to share their hostname and URLs with Internet Archive's Wayback Machine so their website can be automatically archived.

When a site is down, Cloudflare will then be able to retrieve the most recently archived version from Internet Archive so that a site's content can be accessed by users.

"The Internet Archive's Wayback Machine has an impressive infrastructure that can archive the web at scale," Cloudflare CEO and co-founder Matthew Prince said.

"By working together, we can take another step toward making the internet more resilient by stopping server issues for our customers and in turn from interrupting businesses and users online."

According to Internet Archive, more than 468 billion web pages are available via the Wayback Machine to date.

"We archive URLs that are identified via a variety of different methods, such as 'crawling' from lists of millions of sites, as submitted by users via the Wayback Machine's 'Save Page Now' feature, added to Wikipedia articles, referenced in Tweets, and based on a number of other 'signals' and sources, such multiple feeds of 'news' stories. An additional source of URLs we will preserve now originates from customers of Cloudflare's Always Online service," Wayback Machine director Mark Graham wrote in a blog post.

👀 👉🏼 https://blog.archive.org/2020/09/17/internet-archive-partners-with-cloudflare-to-help-make-the-web-more-useful-and-reliable/

👀 👉🏼 https://www.zdnet.com/article/cloudflare-and-internet-archive-team-up-to-make-sure-websites-never-fully-go-offline

#cloudflare #internet #archive #wayback
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Facebook Accused of Watching Instagram Users Through Cameras

Facebook Inc. is again being sued for allegedly spying on Instagram users, this time through the unauthorized use of their mobile phone cameras.

The lawsuit springs from media reports in July that the photo-sharing app appeared to be accessing iPhone cameras even when they weren’t actively being used.

Facebook denied the reports and blamed a bug, which it said it was correcting, for triggering what it described as false notifications that Instagram was accessing iPhone cameras.

In the complaint filed Thursday in federal court in San Francisco, New Jersey Instagram user Brittany Conditi contends the app’s use of the camera is intentional and done for the purpose of collecting “lucrative and valuable data on its users that it would not otherwise have access to.”

By “obtaining extremely private and intimate personal data on their users, including in the privacy of their own homes,” Instagram and Facebook are able to collect “valuable insights and market research,” according to the complaint.

Facebook declined to comment.

👀 👉🏼 https://www.bloomberg.com/news/articles/2020-09-18/facebook-accused-of-watching-instagram-users-through-cameras

#fb #DeleteFacebook #instagram #accused #spy #privacy #surveillance #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Rampant Kitten – An Iranian Espionage Campaign

Introduction

Check Point Research unraveled an ongoing surveillance operation by Iranian entities that has been targeting Iranian expats and dissidents for years. While some individual sightings of this attack were previously reported by other researchers and journalists, our investigation allowed us to connect the different campaigns and attribute them to the same attackers.

💡 Among the different attack vectors we found were:

👉🏼 Four variants of Windows infostealers intended to steal the victim’s personal documents as well as access to their Telegram Desktop and KeePass account information

👉🏼 Android backdoor that extracts two-factor authentication codes from SMS messages, records the phone’s voice surroundings and more

👉🏼 Telegram phishing pages, distributed using fake Telegram service accounts

💡 The above tools and methods appear to be mainly used against Iranian minorities, anti-regime organizations and resistance movements such as:

👉🏼 Association of Families of Camp Ashraf and Liberty Residents (AFALR)

👉🏼 Azerbaijan National Resistance Organization

👉🏼 Balochistan people

👀 👉🏼 https://research.checkpoint.com/2020/rampant-kitten-an-iranian-espionage-campaign/

👀 👉🏼 https://www.zdnet.com/article/iranian-hacker-group-developed-android-malware-to-steal-2fa-sms-codes

#iranian #hacker #rampantkitten #android #malware #espionage #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

‘Zoom and Enhance’ Is Finally Here

And its surveillance implications are scary

We all know the scene. Two detectives on a cop show stand in a dimly lit room filled with monitors, reviewing surveillance images. A tech guy (yes, it’s almost always a guy) queues up image after image as the detectives look on, squinting at the screen in concentration. “There’s nothing here!” one detective insists. They’re about to give up, when the other detective (our hero) shouts, “Wait!”

Everyone stops. “Zoom in there!” the detective says. The tech guy obligingly zooms in on a grainy corner of the image. “Enhance that!” the detective intones. The tech guy taps some keys, mutters something about algorithms, and suddenly the image comes into focus, revealing some tiny, significant detail. The case is cracked wide open!

This scene is a crime drama cliché so pervasive that it has inspired its own meme video with nearly a million views.

Scenes like these drive real tech people bananas, because “zoom and enhance” has always seemed like an impossible fantasy. Until now. Thanks to two recent innovations, zoom and enhance is finally here. It has the potential to radically change police surveillance, often in concerning ways — or at least help you bring back your photos from the early ’00s.

https://onezero.medium.com/zoom-and-enhance-is-finally-here-c727b3258a11

#surveillance

$100,000 in bribes helped fraudulent Amazon sellers earn $100 million, DOJ says

DOJ: Bribes to Amazon workers also helped sellers get rivals' accounts suspended.

Six people were indicted on allegations of paying over $100,000 in bribes to Amazon employees and contractors as part of a scheme to give third-party sellers unfair advantages on the Amazon marketplace.

Among other things, the indictment says that Amazon workers who accepted bribes reinstated sellers whose accounts had been suspended for offering dangerous products, and these workers suspended the seller accounts of fraudulent sellers' competitors.

https://arstechnica.com/tech-policy/2020/09/doj-amazon-workers-took-bribes-to-reinstate-sellers-of-dangerous-products/

#US #Amazon #bribery

Backdoors and other vulnerabilities in HiSilicon based hardware video encoders

Update 2020-09-17: Huawei issued a statement saying that none of the vulnerabilities have been introduced by HiSilicon chips and SDK packages. I will update this article as more information comes in.

This article discloses critical vulnerabilities in IPTV/H.264/H.265 video encoders based on HiSilicon hi3520d hardware. The vulnerabilities exist in the application software running on these devices. All vulnerabilities are exploitable remotely and can lead to sensitive information exposure, denial of service, and remote code execution resulting in full takeover of the device. With multiple vendors affected, and no complete fixes at the time of the publication, these encoders should only be used on fully trusted networks behind firewalls. I hope that my detailed write-up serves as a guide for more security research in the IoT world.

👀 👉🏼 https://kojenov.com/2020-09-15-hisilicon-encoder-vulnerabilities/

👀 👉🏼 🇩🇪 https://www.heise.de/news/Backdoors-in-Video-Encodern-auf-Huawei-Chips-entdeckt-Ursprung-unbekannt-4905641.html

#hisilicon #hardware #video #encoder #vulnerabilities #huawei #chips #backdoors
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Get this - there is a Bitcoin wallet with 69,000 Bitcoins ($693,207,618) that is being passed around between hackers/crackers for the past 2 years for the purpose of cracking the password, no success so far.

👀 👉🏼 https://twitter.com/UnderTheBreach/status/1303316723186139136

#wallet #bitcoin #breach #hack #whynot
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

‘Not On Our Watch’: A public campaign against Google’s jump into our health data

Monopolies, mergers and acquisitions, anti-trust laws. These may seem like tangential or irrelevant issues for privacy and digital rights organisations. But having run our first public petition opposing a big tech merger, we wanted to set out why we think this is an important frontier for people's rights across Europe and indeed across the world.

In June, Google notified the European Commission of its intention to acquire Fitbit, the health and fitness tracker company. Google’s stated mission is to “organize the world’s information and make it universally accessible and useful.” ‘Organize’ sounds so benign, just administrative, so tidy. But Google can only organise the world’s information by first aggressively getting its hands on the world’s information, whether we really want to give them that information or not. And nothing is more personal than our health data so this would be a game-changing acquisition. Because of how Google could potentially combine our health data with so much other data it already has about us, we were concerned that Google would use the merger to become an unassailable leader in the health and fitness monitoring market.

The merger triggered reactions among civil society organisations, and Privacy International (PI) was a signatory to a common statement sent to the European Commission, coordinated by BEUC, the European Consumer Organisation.

https://edri.org/our-work/not-on-our-watch-a-public-campaign-against-googles-jump-into-our-health-data/

#Europe #EU #google #fitbit #privacy

We Are All Algorithms Now - Is that what's really destroying the legitimacy of our democracy?

I’ve never felt this way about an election before. For my entire adult life, campaigns could be exhilarating, tedious, crowded with incident or laden with foreboding, but you always felt that, at some point, there would be a resolution. The votes would be counted; the exit polls parsed; a decision made; and both sides would respect it. The one time that didn’t happen — in 2000 — I felt for the first time an inkling of what I feel in every part of my psyche now: a sense that the system itself was buckling.

👉🏼 ..(..)...
And the reason this dystopian scenario is so credible is not just the fault of these political actors. It’s ours too — thanks to the impact of social media. I think we’ve under-estimated just how deep the psychological damage has been in the Trump era — rewiring the minds of everyone, including your faithful correspondent, in ways that make democratic discourse harder and harder and harder to model. The new Netflix documentary, The Social Dilemma, is, for that reason, a true must-watch. It doesn’t say anything shockingly new, but it persuasively weaves together a whole bunch of points to reveal just how deeply and thoroughly fucked we are. Seriously, take a look.

👉🏼 ..(..)..
For #Facebook and #Google and #Instagram and #Twitter, the business goal quickly became maximizing and monetizing human attention via #addictive #dopamine hits. Attention, they meticulously found, is correlated with emotional intensity, outrage, shock and provocation. Give artificial intelligence this simple knowledge about what distracts and compels humans, let the algorithms do their work, and the profits snowball. The cumulative effect — and it’s always in the same incendiary direction — is mass detachment from reality, and immersion in tribal fever.

👀 👉🏼 https://andrewsullivan.substack.com/p/we-are-all-algorithms-now

👀👇🏼 "Dopamine": Miniseries about the addiction mechanisms of Tinder, Facebook and Co. 👇🏼

"They'll do anything to make you an addict," they say about #Tinder, #Facebook, #CandyCrush, #Instagram, #YouTube, #Snapchat, #Uber and #Twitter in the miniseries of #Arte. Eight episodes explain in detail which mechanisms are triggered in our brain to keep us engaged

📺 👉🏼 https://t.me/BlackBox_Archiv/833 👈🏼 📺

#surveillance #capitalism #SocialDilemma #dystopian #democracy #thinkabout #why
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Exploitation of LAN vulnerability found in Firefox for Android (PoC)

I tested this PoC exploit on 3 devices on same wifi, it worked pretty well.

I was able to open custom URL on every smartphone using vulnerable Firefox (68.11.0 and below)

👀 👉🏼 https://twitter.com/LukasStefanko/status/1307013106615418883

👀 👉🏼 Firefox for Android LAN-Based Intent Triggering:
https://gitlab.com/gitlab-com/gl-security/security-operations/gl-redteam/red-team-tech-notes/-/tree/master/firefox-android-2020

#android #security #exploit #firefox #LAN #vulnerability #poc
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Surveilling the surveillers - About military RF communication surveillance and other activist art & technology projects

This talk will present relevant works in this field and will draw connections between critical art and regulatory power, warfare, surveillance, electronic waste, electronic self-defense and the re-appropriation of architectural and technological artifacts in militant ways.

📺 👉🏼 This Talk was translated into eng / deu / fra. 👇🏼
https://media.ccc.de/v/33c3-7978-surveilling_the_surveillers#t=70

#surveilling #surveillers #33c3 #ccc #video
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Forget TikTok. China’s Powerhouse App Is WeChat, and Its Power Is Sweeping.

A vital connection for the Chinese diaspora, the app has also become a global conduit of Chinese state propaganda, surveillance and intimidation. The United States has proposed banning it.

Just after the 2016 presidential election in the United States, Joanne Li realized the app that connected her to fellow Chinese immigrants had disconnected her from reality.

Everything she saw on the Chinese app, WeChat, indicated Donald J. Trump was an admired leader and impressive businessman. She believed it was the unquestioned consensus on the newly elected American president. “But then I started talking to some foreigners about him, non-Chinese,” she said. “I was totally confused.”

https://www.nytimes.com/2020/09/04/technology/wechat-china-united-states.html

#US #China #WeChat #surveillance

Poll: majority of Americans concerned about Big Tech’s economic, political power

Republican voters were more likely to say they were somewhat or very concerned about the tech firms.

About 65 percent of likely U.S. voters think the economic power held by tech companies like Amazon, Google, Facebook is a problem for the U.S. economy, according to a survey on antitrust and the tech industry to be released Thursday.

The responses: Republican voters were more likely to say they were somewhat or very concerned about the tech firms than those who identify as Democrats or independents.

Seventy percent of the respondents said they think tech companies have too much political power, with Republicans most likely to agree with the statement.

Overall, 56 percent said they would strongly or somewhat support breaking up tech companies to promote competition, compared with 26 percent who said they oppose or strongly oppose such a move and 19 percent who didn’t offer a view.

https://www.politico.com/news/2020/09/17/big-tech-economic-political-power-poll-417024

#US #BigTech

How to erase your data to remove your life from Google’s grip.

The company provides a slew of really great products. But you have to remember, you are also a product in their profit stream

I use Google for so many things, from looking things up, handing my email and calendar, video chatting with my team, to peeking in on the Nest cam in my mother's living room. The company provides a slew of really great products. But you have to remember, you are also a product in their profit stream.

Lately, there’s been an anti-Google movement with more people interested in options. You can use a different search site that won’t track you. There are also private email servers and video sites that aren’t YouTube. Tap or click here for a list of Google alternatives.

https://www.foxnews.com/tech/how-to-erase-your-data-to-remove-your-life-from-googles-grip

📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Companies can track your phone’s movements to target ads

A startup gathers data on when you pick up your phone or go out on a run.

Google and Apple have taken steps this year they say will help users shield themselves from hundreds of companies that compile profiles based on online behavior. Meanwhile, other companies are devising new ways to probe more deeply into other aspects of our lives.

In January, Google said it would phase out third-party cookies on its Chrome browser, making it harder for advertisers to track our browsing habits. Publishers and advertisers use cookies to compile our shopping, browsing, and search data into extensive user profiles. These profiles reflect our political interests, health, shopping behavior, race, gender, and more. Tellingly, Google will still collect data from its own search engine, plus sites like YouTube or Gmail.

https://arstechnica.com/information-technology/2020/09/companies-can-track-your-phones-movements-to-target-ads/

#phones #tracking #ads #privacy

Hackers leak data on 1,000 Belarusian police officers

Security forces will not remain anonymous, anti-Lukashenko protesters say

Anonymous hackers leaked the personal data of 1,000 Belarusian police officers in retaliation for a crackdown on street demonstrations against the veteran president, Alexander Lukashenko, as protesters geared up for another mass rally on Sunday.

“As the arrests continue, we will continue to publish data on a massive scale,” said a statement distributed by the opposition news channel Nexta Live on the messaging app Telegram. “No one will remain anonymous, even under a balaclava.”

The government said it would find and punish those responsible for leaking the data, which was widely distributed on Saturday evening.

https://www.theguardian.com/world/2020/sep/20/hackers-leak-data-on-1000-belarusian-police-officers

#Europe #Belarus #hackers #police #leaks

Dream Vendor "Canna_Bars" Sentenced to Prison

A judge in a California court sentenced Jose Robert Porras III to five years and 10 months in federal prison for distributing a controlled substance and illegally possessing firearms. The Northern California Illicit Digital Economy Task Force (NCIDE) investigated Porras in 2018 and identified him as the operator of vendor accounts on Hansa Market, Wall Street Market, and Dream Market

https://darknetlive.com/post/dream-vendor-canna-bars-sentenced-to-prison


#fp #fingerprints #photo #darknet #market

Bitwarden leaks passwords to other subdomains

Today I was on a domain that should only be available via BasicAuth. Then I was really scared when I did not have to login. Even in incognito mode the page was visible without login. Is my BasicAuth broken? Turns out: No, but @Bitwarden has automatically logged in for me.

👀 👉🏼 https://nitter.net/RitzmannMarkus/status/1307614248835731456

#bitwarden #leak #password #subdomains
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Thanks to Google, app store monopoly concerns have now reached India

Last week, as Epic Games, Facebook, and Microsoft continued to express concerns about Apple’s “monopolistic” hold over what a billion people can download on their iPhones, a similar story unfolded in India, the world’s second largest internet market, between a giant developer and the operator of the only other large mobile app store.

Google pulled Paytm, the app from India’s most valuable startup, off of the Play Store on Friday. The app returned to the store eight hours later, but the controversy and acrimony Google has stirred up in the country will linger for years.

TechCrunch reported on Friday that Google pulled Paytm app from its app store after a repeat pattern of violations of Google Play Store guidelines by the Indian firm.

https://techcrunch.com/2020/09/20/thanks-to-google-paytm-app-store-monopoly-concerns-have-now-reached-india/

#Asia #India #Paytm #Google #monopoly