Looks Like the Windows XP Source Code Just Leaked on 4chan

Would you believe more than 1% of computers worldwide are still using Windows XP? Incredibly, there are still millions of people using 19-year-old operating system. And a recent development — if it bears out — is another reason people need to make the switch to something newer.

On Thursday, users on 4chan posted what they claimed was the source code of Windows XP.

Posting an image of a screenshot allegedly of the source code in front of Window’s XP iconic Bliss background, one user wrote ‘sooooo Windows XP Source code leaked’. Another Redditor helpfully has uploaded the code as a torrent, assisting in its spread.

While there is no confirmation that this code is definitely Windows XP, independent researchers have begun to pick through the source code and believe it stands up to scrutiny.

👀 👉🏼 https://www.gizmodo.com.au/2020/09/looks-like-the-windows-xp-source-code-just-leaked-on-4chan/

👀 👉🏼 https://nitter.net/RoninDey/status/1309275918943301636

#windows #xp #sourcecode #leaked
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Wyden and Warren Demand Investigation into IRS Warrantless Location Tracking

A unit of the IRS previously bought access to location data harvested from ordinary apps installed on peoples’ phones to try and identify individuals.

Ron Wyden and Elizabeth Warren want a formal investigation into the IRS' use of smartphone location data to track Americans without a warrant.

On Thursday, the two Senators sent a letter to the body tasked with oversight of the IRS demanding it investigate how a section of the IRS bought access to this data.

The news highlights the continued tread of law enforcement agencies obtaining location data that would ordinarily require a warrant to do, by simply purchasing the data from commercial providers instead.

https://www.vice.com/en_us/article/xg8by3/irs-phone-tracking-warrant-wyden-warren

#US #IRS #phone #tracking #privacy #surveillance

Free VPNs are bad for your privacy

VPNs are in high demand as Americans scramble to keep access to TikTok and WeChat amid a looming government ban. There are dozens of free VPNs out there that promise to protect your privacy by keeping you anonymous on the internet and hiding your browsing history.

Don’t believe it. Free VPNs are bad for you.

The internet is a hostile place for the privacy-minded. Internet providers can sell your browsing history, governments can spy on you and tech titans collect huge amounts of data to track you across the web. Many have turned to VPNs, or virtual private networks, thinking that they can protect you from snoopers and spies.

But where VPNs try to solve a problem, they can also expose you to far greater privacy risks.

TechCrunch’s Romain Dillet has an explainer on what a VPN is. In short, VPNs were first designed for employees to virtually connect to their office network from home or while on a business trip. These days, VPNs are more widely used for hiding your online internet traffic, and tricking streaming services into thinking you’re another country when you’re not. That same technique also helps activists and dissidents bypass censorship systems in their own countries.

https://techcrunch.com/2020/09/24/free-vpn-bad-for-privacy/

#VPN #privacy #censorship

How to Secure Anything

Security engineering is the discipline of building secure systems.

Its lessons are not just applicable to computer security. In fact, in this repo, I aim to document a process for securing anything, whether it's a medieval castle, an art museum, or a computer network.

💡What is security engineering?

Security engineering isn't about adding a bunch of controls to something.

It's about coming up with security properties you'd like a system to have, choosing mechanisms that enforce these properties, and assuring yourself that your security properties hold.

👀 👉🏼 https://github.com/veeral-patel/how-to-secure-anything

#howto #guide #security #secure #anything
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Federal Agency Compromised by Malicious Cyber Actor

The Cybersecurity and Infrastructure Security Agency (CISA) responded to a recent threat actor’s cyberattack on a federal agency’s enterprise network. By leveraging compromised credentials, the cyber threat actor implanted sophisticated malware—including multi-stage malware that evaded the affected agency’s anti-malware protection—and gained persistent access through two reverse Socket Secure (SOCKS) proxies that exploited weaknesses in the agency’s firewall.

💡 For a downloadable copy of IOCs, see:
https://us-cert.cisa.gov/sites/default/files/publications/AR20-268A.stix.xml

👀 👉🏼 https://us-cert.cisa.gov/ncas/analysis-reports/ar20-268a

👀 👉🏼 https://www.zdnet.com/article/cisa-says-a-hacker-breached-a-federal-agency

#cisa #hacker #breach #breached #federal #agency
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Bollywood WhatsApp chats are leaking: How and is WhatsApp safe?

https://www.indiatoday.in/technology/news/story/bollywood-whatsapp-chats-are-leaking-how-and-is-whatsapp-safe-1724977-2020-09-24


#Whatsapp #India #press

Top 4 Best Download Managers For Linux

https://itsfoss.com/4-best-download-managers-for-linux


@itsfoss_official
#dm #download #manager #linux

Amazon announces new cloud gaming service called Luna

https://www.theverge.com/2020/9/24/21451371/amazon-luna-cloud-gaming-service-twitch-alexa-controller


#amazon #Luna #gaming #cloud #knowtheenemy

Airbnb may be exposing private host inbox messages, bookings and earnings data

Airbnb hosts report that they are able to access inboxes that do not belong to them.

Airbnb may be at the heart of a severe security incident as hosts report they are able to inadvertently access private inboxes that are unrelated to their accounts.

On Thursday, Airbnb hosts flooded Reddit, querying the sudden appearance of inboxes that do not belong to them when they signed into the service.

👀 👉🏼 https://www.reddit.com/r/AirBnB/comments/iz26du/airbnb_host_login_shows_me_other_peoples_inboxes/

👀 👉🏼 https://www.zdnet.com/article/airbnb-security-incident-may-be-leaking-host-inbox-messages-bookings-information

👀 👉🏼 🇩🇪 https://www.golem.de/news/datenleck-airbnb-gibt-gastgebern-zugriff-auf-fremde-postfaecher-2009-151125.html

#airbnb #security #incident #leaked #leak
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

China blocks Wikimedia Foundation’s accreditation to World Intellectual Property Organization

China yesterday blocked the Wikimedia Foundation’s application for observer status at the World Intellectual Property Organization (WIPO), the United Nations (UN) organization that develops international treaties on copyright, IP, trademarks, patents and related issues. As a result of the block, the Foundation’s application for observer status has been suspended and will be reconsidered at a future WIPO meeting in 2021.

China was the only country to raise objections to the accreditation of the Wikimedia Foundation as an official observer. Their last-minute objections claimed Wikimedia’s application was incomplete, and suggested that the Wikimedia Foundation was carrying out political activities via the volunteer-led Wikimedia Taiwan chapter. The United Kingdom and the United States voiced support for the Foundation’s application.

https://wikimediafoundation.org/news/2020/09/24/china-blocks-wikimedia-foundations-accreditation/

#Wikimedia #China

'Where Are the Terrorists?' Apple's Siri Offers Directions to Police Stations, Say iPhone Users

Apple is under fire after social media users shared videos of the tech firm's virtual assistant, Siri, appearing to direct people to police stations when asked "where are the terrorists?"

Several clips appeared on Twitter showing iPhone users asking Siri the question.

The virtual assistant appeared to offer the address of local police departments in response.

Apple users reported similar experiences in multiple U.S. states as well as in Australia.

However when Newsweek asked Siri the same question using a U.K. iPhone, it replied: "I don't know how to respond to that."

Apple did not immediately respond to Newsweek's request for clarification on the issue.

https://www.newsweek.com/where-terrorists-apple-siri-directions-police-iphone-1533888

#Apple #Siri #iPhone

Google Meet and other Google services go down (Updated)

Google’s engineers aren’t having a good day today. This afternoon, a number of Google services went offline or are barely reachable. These services include Google Meet, Drive, Docs, Analytics, Classroom and Calendar, for example.

While Google’s own status dashboards don’t show any issues, we’re seeing reports from around the world from people who aren’t able to reach any of these services. Best we can tell, these issues started around 6 p.m. PT.

https://techcrunch.com/2020/09/24/google-meet-and-other-google-services-go-down/

📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Students Are Rebelling Against Eye-Tracking Exam Surveillance Tools

Invasive test-taking software has become mandatory in many places, and some companies are retaliating against those who speak out.

As a privacy-minded computer science student preparing to start his first year at Miami University, Erik Johnson was concerned this fall when he learned that two of his professors would require him to use the digital proctoring software Proctorio for their classes.

The software turns students’ computers into powerful invigilators—webcams monitor eye and head movements, microphones record noise in the room, and algorithms log how often a test taker moves their mouse, scrolls up and down on a page, and pushes keys. The software flags any behavior its algorithm deems suspicious for later viewing by the class instructor.

https://www.vice.com/en_us/article/n7wxvd/students-are-rebelling-against-eye-tracking-exam-surveillance-tools

#US #Miami #students #exam #eye #tracking #surveillance

How Iranian diaspora is using old-school tech to fight internet shutdown at home

With the threat of another big internet blackout looming, companies are creating workarounds for Iranians using satellite dishes.

One November morning last year, Mehdi Yahyanejad listened to a voicemail in his Los Angeles office: “I’m contacting you from the city of Tehran,” said the voice. “This was the first time I’ve experienced an internet shutdown. … It feels like I’m in a prison.”

A few weeks earlier, Iran’s largest mobile networks and internet providers went offline. Amid weeks of growing anti-regime protests, Iranian authorities imposed the longest internet shutdown in the country’s history, effectively cutting off external communication for over 80 million Iranians. In an unprecedented crackdown, regime forces killed more than 300 protesters and arrested over 7,000 people. When access was finally restored on November 23, nearly half the country was still unable to come online.

https://restofworld.org/2020/cat-and-mouse-censorship/

#MiddleEast #Iran #censorship

Hungary hit by large cyber attack from Asia: Magyar Telekom

BUDAPEST (Reuters) - Hungarian financial institutions and telecoms infrastructure were hit with a powerful cyber attack on Thursday from computer servers located in Russia, China and Vietnam, telecoms firm Magyar Telekom said.

The event was a distributed-denial-of-service (DDoS) attack where hackers attempt to overwhelm a network with unusually high volumes of data traffic in order to paralyse it.

The volume of the attack was 10 times higher than that of usual DDoS attacks, the company said.

“That means that this was one of the biggest hacker attacks in Hungary ever, both in its size and complexity,” it said.

https://www.reuters.com/article/technologyNews/idUSKBN26H0CB

#Europe #Hungary #cyberattack

Feds Are Tapping Protesters’ Phones. Here’s How To Stop Them.

Use Signal and add a PIN code to your phone’s SIM card to help protect against spying.

Federal agents from the Department of Homeland Security and the Justice Department used “a sophisticated cell phone cloning attack—the details of which remain classified—to intercept protesters’ phone communications” in Portland this summer, Ken Klippenstein reported this week in The Nation.

Put aside for the moment that, if the report is true, federal agents conducted sophisticated electronic surveillance against American protesters, an alarming breach of constitutional rights. Do ordinary people have any hope of defending their privacy and freedom of assembly against threats like this?

https://theintercept.com/2020/09/25/surveillance-sim-cloning-protests-protect-phone/

#US #SIM #cloning #surveillance

AI unmasks secret police

👉🏼 📺 https://www.youtube.com/watch?v=FAJIrnphTFg

#ai #police #unmasking #video #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Narcotics control bureau of India caught top Indian celebrities having drug chats in WhatsApp make people question the privacy of WhatsApp again

https://www.tribuneindia.com/news/nation/ncb-cloned-mobile-phones-of-rhea-chakraborty-for-access-to-whatsapp-chats-of-film-stars-146339

#WhatsApp #India #drugs #cops

Betrusted

https://betrusted.io

A prototype security-foccussed open-software/hardware device (akin to a PDA) for delegating your sensitive information and tasks to. It has a microkernel and userspace in rust and the development version uses a reconfigurable FPGA instead of a CPU.

Betrusted is a secure and private communications system. It gives users an evidence-based reason to believe that private matters are kept private.

Betrusted is more than just an app, and more than just a gadget – it is a co-designed hardware + software solution that provides safe defaults for everyday users. It’s also open source, empowering advanced users to analyze, extend and explore this secure mobile computer.


#betrusted #mobile #phone #alternatives

Inside eBay’s Cockroach Cult: The Ghastly Story of a Stalking Scandal

“People are basically good” was eBay’s founding principle. But in the deranged summer of 2019, prosecutors say, a campaign to terrorize a blogger crawled out of a dark place in the corporate soul.

1. Dad stabs a chair

Veronica Zea is pretty sure that before showing up to work at eBay in the spring of 2017, she used the site only once. She bought a surfing poster. It ended up in her closet.

Although Ms. Zea grew up in Santa Clara, Calif., in the heart of Silicon Valley, she cared little for the dazzlements of technology. In college, she studied criminology. After graduating, and a year spent recovering from knee surgery, she surprised herself by answering a classified ad and ending up at the e-commerce pioneer.

Ms. Zea’s first job at eBay was intelligence operator. In a windowless room at corporate headquarters in San Jose, she watched closed-circuit cameras and helped people who were locked out of their offices. Ms. Zea (pronounced ZAY) was 23, with no special skills, but she worked hard. Soon she was promoted to intelligence analyst, charged with staying ahead of geopolitical and individual threats.

Her division, Global Security and Resiliency, consisted of dozens of people, including retired police captains and former security consultants. But it was surprisingly intimate. “We’re a family,” James Baugh, the boss, and Stephanie Popp, her immediate supervisor, would say to the analysts. “We’re Mom and Dad.”

True, Dad could be kind of scary. Mr. Baugh was a stocky, middle-aged guy with thinning hair who loved to talk and did not like to be questioned. He would often say he used to work for the C.I.A. Sometimes he said his wife was working for the C.I.A. right now. Once, he found a knife on a barbecue grill on campus. A deranged person could have used it to hurt someone, he told the analysts, and proceeded to stab a chair. It was never removed, a warning for the timid. (Through his lawyer, Mr. Baugh declined to comment.)

Ms. Zea had never worked in an office. Her only real job before this was on the Grizzly roller coaster at California’s Great America amusement park. So she just accepted things. Like the way eBay was a regular film festival. Mr. Baugh would bring the analysts into a conference room and show the scene from “American Gangster” where Denzel Washington coolly executes a man in front of a crowd to make a point. Or a clip from “The Wolf of Wall Street,” where the feds are investigating shady deeds but none of the perpetrators can recall a thing. Or the bit from “Meet the Fockers” about a retired C.I.A. agent’s “circle of trust.”

That one came up frequently. “No one is supposed to know this,” Mr. Baugh would tell the analysts about some piece of office gossip. “We’ll keep it in the circle of trust.”

👀 👉🏼 https://www.nytimes.com/2020/09/26/technology/ebay-cockroaches-stalking-scandal.html

#ebay #cockroaches #stalking #scandal #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

UK National Sentenced to Prison for Role in “The Dark Overlord” Hacking Group

Defendant Conspired to Steal Sensitive Personally Identifying Information from Victim Companies and Release those Records on Criminal Marketplaces unless Victims Paid Bitcoin Ransoms

A United Kingdom national pleaded guilty today to conspiring to commit aggravated identity theft and computer fraud, and was sentenced to five years in federal prison.

U.S. District Judge Ronnie White for the Eastern District of Missouri sentenced Nathan Wyatt, 39, who participated in a computer hacking collective known as “The Dark Overlord,” which targeted victims in the St. Louis area beginning in 2016. Wyatt was extradited from the United Kingdom to the Eastern District of Missouri in December 2019. Judge White also ordered Wyatt to pay $1,467,048 in restitution.

“Nathan Wyatt used his technical skills to prey on Americans’ private data and exploited the sensitive nature of their medical and financial records for his own personal gain,” said Acting Assistant Attorney General Brian C. Rabbitt of the Justice Department’s Criminal Division. “Today’s guilty plea and sentence demonstrate the department’s commitment to ensuring that hackers who seek to profit by illegally invading the privacy of Americans will be found and held accountable, no matter where they may be located.”

“The Dark Overlord has victimized innumerable employers in the United States, many of them repeatedly, said U.S Attorney Jeff Jensen of the Eastern District of Missouri. “I am grateful to the victims who came forward despite ransom threats and to the prosecutors and agents who were the first to catch and punish a member of The Dark Overlord in the United States.”

“Cyber hackers mistakenly believe they can hide behind a keyboard,” said Special Agent in Charge Richard Quinn of the FBI’s St. Louis Field Office. “In this case, the FBI demonstrated once again that it will impose consequences on cyber criminals no matter how long it takes or where they are located.”

Wyatt admitted that, beginning in 2016, he was a member of The Dark Overlord, a hacking group that was responsible for remotely accessing the computer networks of multiple U.S. companies without authorization. Victims in the Eastern District of Missouri included healthcare providers, accounting firms, and others. Wyatt admitted that The Dark Overlord co-conspirators acted by obtaining sensitive data from victim companies, including patient medical records and personal identifying information, and then threatening to release the companies’ stolen data unless the companies paid a ransom of between $75,000 and $350,000 in bitcoin.

👀 👉🏼 https://www.justice.gov/opa/pr/uk-national-sentenced-prison-role-dark-overlord-hacking-group

#darkoverlord #hacker #hacking
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag