NoGoolag
How to deal with Google's and YouTube's aggressive popups (before you continue, sign in)

When you visit Google's main website for the first time, or after clearing cookies, you get a "before you continue" popup. On YouTube, another Google property, you will get a "sign in to YouTube" popup instead.

You need to click on "I agree" on Google's site or "no thanks" on YouTube to get rid of these popups and start using the sites.

Problem is: if you clear cookies regularly, you will get these prompts again. It can be quite annoying to deal with these popups each time, e.g. to inform YouTube for the hundredth time that you don't want to sign in to the site.

https://www.ghacks.net/2020/09/27/how-to-deal-with-googles-and-youtubes-aggressive-popups-before-you-continue-sign-in


#youtube #yt #google #popups #cookies
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag
Forwarded from Privacy Matters 🛡️
How to use Whonix | TOR Tutorial Part 2

Whonix is the safest way to be online and surf the web. Learn how to be anonymous and private with Tor Tutorial Part 2.

📹 Watch it via:
YouTube || Invidious || BitChute

• Part 1 of TOR series: HERE

• Download Whonix: HERE

📡 @howtobeprivateonline
#TOR #Guide #Privacy #OS
Forwarded from Rahul Patel
Hi all,

New GPlayAPI is ready, it's available here.

I need a few device configs to add as default for device spoof.
At least one for each SDK (21 to 30) + Android TV & Android GO.

If any of you wish to share your device config, kindly DM it to @whyorean or @aurora_dev.

I will remove any personal data from config before making it public, so feel safe.

You can export your current device config from AuroraStore 3.2.x

Follow this:
1. Open Aurora Store
2. Go to Spoof, from side drawer
3. Click on "Export Device Info"
4. Send me the device-<YouDeviceName>.properties file, it should be available in default download directory.

Enjoy!

GitLab
Projects · Aurora OSS / GPlayApi
Bing mobile apps suffered a data leak, leaking 6.5TB of search data

Microsoft’s Bing mobile apps, available on Android and iOS, have been the victim of a data leak. Security researchers found an Elastic server that had its password protection removed, reportedly as a “misconfiguration” of the server, which has resulted in 6.5TB of search data being made available publicly on the internet, which grew by up to 200GB per day.

Security researchers from WizCase found the unprotected server on September 12, although the authentication is estimated to have been removed 2 days prior. After discovering the data was coming from Bing’s mobile apps, by performing a search themselves and seeing it appear in the data, the researchers contacted Microsoft on September 13, and the information was given to Microsoft’s Security Response Centre, who acted to resolve the problem a few days later.

The data leak has exposed a trove of data that Microsoft collects from users who use the Bing mobile apps. The data included:

Search terms (excluding any searches in ‘private’ mode)

GPS coordinates (if location permissions are enabled, with a ~500 metre accuracy)

Date and time of the search

Firebase notification tokens

Coupon data

Partial list of the URLs visited by the user from the search results

Device model

Operating system

3 unique identifiers, including:
⭕️ ADID: possibly an identifier for a Microsoft Account
⭕️ deviceID
⭕️ devicehash

None of the data was encrypted.

https://www.onmsft.com/news/microsoft-bing-data-leak

#Microsoft #Bing #mobile #app #dataleaks
German-made FinSpy spyware found in Egypt, and Mac and Linux versions revealed

FinSpy is a commercial spyware suite produced by the Munich-based company FinFisher GmbH. Since 2011 researchers have documented numerous cases of targeting of Human Rights Defenders (HRDs) - including activists, journalists, and dissidents with the use of FinSpy in many countries, including Bahrain, Ethiopia, UAE, and more. Because of this, Amnesty International’s Security Lab tracks FinSpy usage and development as part of our continuous monitoring of digital threats to Human Rights Defenders.

Amnesty International published a report in March 2019 describing phishing attacks targeting Egyptian human rights defenders and media and civil society organizations staff carried out by an attacker group known as “NilePhish”. While continuing research into this group’s activity, we discovered it has distributed samples of FinSpy for Microsoft Windows through a fake Adobe Flash Player download website. Amnesty International has not documented human rights violations by NilePhish directly linked to FinFisher products.

Through additional technical investigations into this most recent variant, Amnesty’s Security Lab also discovered, exposed online by an unknown actor, new samples of FinSpy for Windows, Android, and previously undisclosed versions for Linux and MacOS computers.

https://www.amnesty.org/en/latest/research/2020/09/german-made-finspy-spyware-found-in-egypt-and-mac-and-linux-versions-revealed/

#FinSpy #surveillance
A Facebook employee has stolen my account. Thread! (RTs appreciated)

TLDR:
some rich kid in LA now has my Instagram account because he got his friend who works at Facebook to steal it... and nobody at Facebook or Instagram is doing anything about it

👀 👉🏼 https://nitter.net/dannyjhall/status/1310231730591346689

#DeleteFacebook #fb #instagram #thinkabout #why #lol
Last phase of the desktop wars?

The two most intriguing developments in the recent evolution of the Microsoft Windows operating system are Windows System for Linux (WSL) and the porting of their Microsoft Edge browser to Ubuntu.

For those of you not keeping up, WSL allows unmodified Linux binaries to run under Windows 10. No emulation, no shim layer, they just load and go.

Microsoft developers are now landing features in the Linux kernel to improve WSL. And that points in a fascinating technical direction. To understand why, we need to notice how Microsoft’s revenue stream has changed since the launch of its cloud service in 2010.

Ten years later, Azure makes Microsoft most of its money. The Windows monopoly has become a sideshow, with sales of conventional desktop PCs (the only market it dominates) declining. Accordingly, the return on investment of spending on Windows development is falling. As PC volume sales continue to fall off, it’s inevitably going to stop being a profit center and turn into a drag on the business.

Looked at from the point of view of cold-blooded profit maximization, this means continuing Windows development is a thing Microsoft would prefer not to be doing. Instead, they’d do better putting more capital investment into Azure – which is widely rumored to be running more Linux instances than Windows these days.

Our third ingredient is Proton. Proton is the emulation layer that allows Windows games distributed on Steam to run over Linux. It’s not perfect yet, but it’s getting close. I myself use it to play World of Warships on the Great Beast.

The thing about games is that they are the most demanding possible stress test for a Windows emulation layer, much more so than business software. We may already be at the point where Proton-like technology is entirely good enough to run Windows business software over Linux. If not, we will be soon.

👀 👉🏼 http://esr.ibiblio.org/?p=8764

#windows #microsoft #linux #WSL #ubuntu #thinkabout
Crypto crime - KuCoin: Hackers steal 150 million US dollars from Bitcoin stock exchange

The Bitcoin exchange KuCoin has become the victim of a hacker attack. According to estimates, 150 to 200 million US dollars disappeared. Most of the money is said to have already been recovered.

The Bitcoin exchange KuCoin has announced that it became the victim of a hacker attack on September 26. Mainly Bitcoin (BTC), Ether (ETH) and ERC 20 tokens were acquired by the attackers on their raid. The exchange did not explicitly comment on the amount of damage and reassured that it was a small part of the exchange's total capital. According to external estimates, however, crypto-values of 150 to 200 million US dollars (USD) were apparently lost in the process.

👀 👉🏼 https://nitter.net/kucoincom/status/1309689557206491137

👀 👉🏼 🇩🇪 https://www.btc-echo.de/kucoin-hacker-stehlen-150-millionen-us-dollar-von-bitcoin-boerse/

#KuCoin #bitcoin #exchange #hacker #hacked #attack
Ransomware Hits Healthcare Provider UHS, Shuts Down Hospital IT Systems

Although Universal Health Services largely runs behavioral healthcare facilities, it also operates some emergency care centers, potentially putting patients' lives at risk.

A ransomware attack appears to have taken down all IT systems at Universal Health Services (UHS), which operates 400 hospitals and behavioral health facilities in the US and the UK.

UHS employees began reporting problems on Monday via Reddit; the attack has been shutting down computers at various hospitals, forcing them to turn away patients, they say.

One UHS employee based in Arizona told PCMag that the disruption has been blamed on ransomware infecting hospital systems. “Everything is down. No access to any computer at all," the employee said. The hospital has only recently managed to restore the phone system.

“I believe we are turning patients away,” the employee added. “We have been doing everything on paper charts. What gets me is we had no downtime protocols in place. It’s all been improv.”

BleepingComputer reports that a notorious ransomware strain known as Ryuk appears to be behind the attack, which has encrypted computers across the UHS network, making them impossible to access.

https://www.pcmag.com/news/ransomware-hits-healthcare-provider-uhs-shuts-down-hospital-it-systems

#US #ransomware #attack #hospital
Police told not to download NHS Covid-19 app

The National Police Chiefs Council (NPCC) has confirmed officers are being told not to install the NHS Covid-19 app on their work smartphones.

The app detects when users have been in proximity to someone with the virus.

Some officers have also been told they may not need to obey self-isolate alerts generated by the app when downloaded to their personal phones.

Lancashire Constabulary has told staff to call the force's own Covid-19 helpline instead.

The BBC contacted the North-West of England force after a source claimed the advice had been given because of "security reasons".

The source also said officers had been told not to carry their personal phones while on duty if they had activated the app.

This applies to staff working in public-facing roles as well as those in back-office positions.

https://www.bbc.com/news/technology-54328644

#Europe #UK #police #covid #app
Google will make it easier to install and use third-party app stores with Android 12

Unlike other popular mobile operating systems, Android has always allowed the installation of third-party app stores. In fact, many Android phones ship with multiple app stores out of the box. After hearing feedback from some third-party developers, Google now says it plans to make installing and using third-party app stores easier with the next major release of Android…

This issue was highlighted most recently by Epic, the company behind popular mobile game Fortnite. Epic pulled their game from the Play Store earlier this year citing unfair billing practices and in a lawsuit accused Google of anticompetitive behavior for the barriers it has in place — mostly for preserving platform security — around users installing third-party app stores.

Google touches on this in its blog post today about the changes coming to Android:

"Each store is able to decide its own business model and consumer features. This openness means that even if a developer and Google do not agree on business terms the developer can still distribute on the Android platform. This is why Fortnite, for example, is available directly from Epic’s store or from other app stores including Samsung’s Galaxy App store."

👀 👉🏼 https://9to5google.com/2020/09/28/google-easier-third-party-app-stores/

👀 👉🏼 https://android-developers.googleblog.com/2020/09/listening-to-developer-feedback-to.html

#google #appstores #android12 #aurora
Who reports the “low hanging fruit” security issues?

Some time ago, I came across this article on Hacker News. I recommend you read the whole thing. But in short: A social media site for women called “Giggle” used an API that pretty much exposed every user's data, if you did so much as to request it. This is called an IDOR vulnerability.

The “barrier of entry” is very low here. Installing BurpSuite might have actually been the hardest part of it all.

I always found these types of “hacks” the most interesting. Mostly because they don’t require any experience in offensive security. You don’t need to be a professional pentester to know basic API debugging. Even I could do something like this! In fact, I still sometimes hack myself into leaderboards of browser games like this one.

These kinds of “easy to pick” targets are often referred to as “low hanging fruit”. There is no complicated setup or mentionable work required to just grab an apple from a low hanging branch. Same thing was true for hacking Giggle.

And these types of incidents are all but rare. Just search the web for “unsecured elasticsearch instance”. Also, it doesn’t just affect user data either. There have been IDOR issues on car control systems. One could literally stop, lock and unlock cars thanks to a certain API endpoint that required no authentication.

👀 👉🏼 https://palone.blog/#post-who-reports-the-low-hanging-fruit-security-issues-158

#palone #blog #security #issues #IDOR
Ransomware hack cripples United Health Services hospitals, facilities across the US

The cyberattack, which began early Sunday, is thought to have employed the Ryuk ransomware, TechCrunch reported. Computer screens changed with text that referenced the “shadow universe,” which is consistent with the Ryuk ransomware, a person familiar with the situation told TechCrunch. “Everyone was told to turn off all the computers and not to turn them on again,” the person told the tech site. “We were told it will be days before the computers are up again.”

👀 👉🏼 https://www.usatoday.com/story/tech/2020/09/28/health-care-provider-united-health-services-hit-cyberattack/3565533001/

👀 👉🏼 https://techcrunch.com/2020/09/28/universal-health-services-ransomware/

#usa #ransomware #cyberattack
American faces prison over bad Tripadvisor review of resort in Thailand

An American has been sued by an island resort in Thailand over a negative TripAdvisor review, authorities said Saturday, and could face up to two years in prison if found guilty. Domestic tourism is still happening in Thailand, where coronavirus numbers are relatively low, with locals and expats heading to near-empty resorts -- including Koh Chang island, famed for its sandy beaches and turquoise waters.

But a recent visit to the Sea View Resort on the island landed Wesley Barnes in trouble after he wrote unflattering online reviews about his holiday.

"The Sea View Resort owner filed a complaint that the defendant had posted unfair reviews on his hotel on the Tripadvisor website," Colonel Thanapon Taemsara of Koh Chang police told AFP.

https://www.cbsnews.com/news/american-faces-prison-bad-tripadvisor-review-thailand/

#Asia #Thailand #TripAdvisor #review
SpaceX’s Starlink satellites could make US Army navigation hard to jam

New research shows Elon Musk’s broadband network could work as an alternative to GPS

SpaceX has already launched more than 700 Starlink satellites, with thousands more due to come online in the years ahead. Their prime mission is to provide high-speed internet virtually worldwide, extending it to many remote locations that have lacked reliable service to date.

Now, research funded by the US Army has concluded that the growing mega-constellation could have a secondary purpose: doubling as a low-cost, highly accurate, and almost unjammable alternative to GPS. The new method would use existing Starlink satellites in low Earth orbit (LEO) to provide near-global navigation services.

https://www.technologyreview.com/2020/09/28/1008972/us-army-spacex-musk-starlink-satellites-gps-unjammable-navigation/

#US #StarLink #USArmy #navigation
Amazon One lets you pay with your palm

Amazon wants its palm recognition technology in stores, stadiums, and office buildings.

Amazon is unveiling its own palm recognition technology today that will be used initially to turn your hand into a personal credit card inside the company’s physical retail stores. Amazon One uses the palm of your hand to identify you, using a combination of surface-area details like lines and ridges, alongside vein patterns to create a “palm signature.”

👀 👉🏼 https://www.theverge.com/2020/9/29/21493094/amazon-one-palm-recognition-hand-payments-amazon-go-store

#amazon #DeleteAmazon #palm #recognition #payments #video #thinkabout
Forwarded from Memes (Channel_bot)
Revealed: Trump campaign strategy to deter millions of Black Americans from voting in 2016

3.5 million Black Americans were profiled and categorised as ‘Deterrence’ by Trump campaign – voters they wanted to stay home on election day

👀 👉🏼 https://www.channel4.com/news/revealed-trump-campaign-strategy-to-deter-millions-of-black-americans-from-voting-in-2016

#usa #trump #campaign #strategy #voting #thinkabout #video
A new license to hack

The German Federal Intelligence Service (BND) is to be allowed to hack mobile phone and Internet providers quite legally in the future. This is the result of the new BND draft law, which we are publishing. The Federal Constitutional Court had classified the old law as unconstitutional and overturned it.

The German Federal Intelligence Service is looking for hackers (m/f/d) via job advertisement and overwrites an employee story with a license to hack. Business trips abroad belong to the intelligence hackers like "unique" attack tools with which they are supposed to penetrate computer networks and collect data. The focus of the BND is on networks outside Germany. For a long time, the secret service agents considered non-European countries in particular to be "outlawed".

In May, the Federal Constitutional Court set the BND the highest judicial limits. The judges from Karlsruhe made it clear: Even abroad, the German state is bound by basic rights; human dignity and the secrecy of telecommunications apply not only to Germans. The highest court declared the only four-year-old BND law of the Grand Coalition unconstitutional.

The legislator must therefore amend the BND law by the end of 2021. The Federal Chancellery has prepared a draft bill and sent it to the other ministries on Friday. We publish the draft law in full text.

As the employer of the secret service, the Federal Chancellery tries with the new law to comply with the court's requirements on the one hand and to restrict the BND as little as possible on the other hand. This can be seen among other things in the offensive hacking powers.

👀 👉🏼 Translated from German with DeepL:
https://netzpolitik.org/2020/bnd-gesetz-eine-neue-lizenz-zum-hacken/

👀 👉🏼 🇩🇪 Draft law amending the law on the Federal Intelligence Service to implement the provisions of the Federal Constitutional Court's ruling of 19 May 2020 (1 BvR 2835/17)
https://netzpolitik.org/2020/bnd-gesetz-eine-neue-lizenz-zum-hacken/#2020-09-25_Bundeskanzleramt_Referentenentwurf_BND-Gesetz

#bnd #germany #secretservice #law #hacking #netpolitics #thinkabout
DuckDuckGo cries fowl after being expunged from Google's Android search preferences menu for most of Europe.

Pro-privacy upstart claims EU antitrust remedy is not fit for purpose

Privacy-focused search engine DuckDuckGo will no longer appear on Google's European search preference menu for Android in most countries, despite being the most popular choice after Google.

The company has complained in response to Google's publication of its latest "choice screen winners". In 2019 Google agreed to provide Android users a prompt for selecting the default search provider, in response to a July 2018 decision by the European Commission that Google has been abusing its dominant position by tying the Google search app with the Play Store.

https://www.theregister.com/2020/09/29/googles_android_search_preference_menu/

Google announces crackdown on in-app billing, aimed at Netflix and Spotify.

Google gives developers one year to stop ignoring its in-app billing rules.

With a lot of focus lately on how smartphone app developers are treated on Apple's and Google's app stores, Google has decided right now is a great time to announce more stringent app store billing rules. A new post from the official Android Developer Blog promises a crackdown on in-app billing that sounds like it's targeted at big streaming services like Netflix and Spotify.

Google's post really beats around the bush trying to sugar-coat this announcement, but it starts off by saying, "We’ve always required developers who distribute their apps on Play to use Google Play’s billing system if they offer in-app purchases of digital goods,

https://arstechnica.com/gadgets/2020/09/google-announces-crackdown-on-in-app-billing-aimed-at-netflix-and-spotify/
