Security, Privacy Issues Found in Tens of COVID-19 Contact Tracing Apps.

More info - HERE

📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag

Open Source Watomatic Android app sends automatic WhatsApp replies.

Regular WhatsApp accounts don't come with options to send automatic replies, e.g. to inform users who contact you that you are on Holiday or decided to migrate away from WhatsApp because of the recent privacy controversy surrounding the app and service. WhatsApp accounts will be limited and eventually deleted if users don't agree to the new privacy policy.

Users who don't agree may migrate to another chat service, Telegram, for example, introduced options to import WhatsApp chats recently.

https://www.ghacks.net/2021/02/27/open-source-watomatic-android-app-sends-automatic-whatsapp-replies/

https://github.com/adeekshith/watomatic

📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag

Deep Nostalgia uses video reenactment technology to animate faces in still photos

Those family photos hung on the wall might soon take on a new life.

The genealogy platform MyHeritage released a feature that animates faces in still photos using video reenactment technology.

The feature, called Deep Nostalgia, produces a realistic depiction of how a person could have moved and looked if they were captured on video.

https://eu.usatoday.com/story/tech/2021/02/25/deep-nostalgia-technology-animates-faces-still-photos/6814516002/

#deep #nostalgia #technology #video #reenactment #MyHeritage
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag

Fake Contacts

Android phone app that creates fake contacts, which will be stored on your smartphone along with your real contacts. This feeds fake data to any apps or companies who are copying our private data to use or sell it. This is called "data-poisoning".

Nothing about these fake contacts will interfere with your normal use of your phone or your real contacts.

https://github.com/BillDietrich/fake_contacts

https://f-droid.org/en/packages/me.billdietrich.fake_contacts/

#fakecontacts #contacts #data #poisoning

Whitney Webb on the Oxford-AstraZeneca Eugenics Links

Even some in the independent media have bought into the hype surrounding the Oxford-AstraZeneca COVID vaccine and its “not-for-profit” nature. But once you peel back the layers of obfuscation you quickly find not only the profit motive hiding underneath, but the dark specter of eugenics. Whitney Webb of Unlimited Hangout joins us to discuss her recent article, “Developers of Oxford-AstraZeneca Vaccine Tied to UK Eugenics Movement.”

Shownotes:
https://www.corbettreport.com/interview-1619-whitney-webb-on-the-oxford-astrazeneca-eugenics-links/

Whitney Webb:
https://unlimitedhangout.com

📡 @unlimitedhangout

👥 @unlimitedhangoutgroup


#coronavirus #vaccines #Google #censorship

The Oswald Institute of Virology, COVID-19 Origins & US Military Biowarfare w/ gumby4christ

https://mediaroots.org/media-roots-radio-the-oswald-institute-of-virology-covid-19-origins-us-military-biowarfare-w-gumby4christ/

Robbie Martin is joined once again by deep politics researcher gumby4christ to discuss the mysterious origins of COVID-19 and to parse through the torrent of anti-China propaganda seeping it's way into the US media ecosystem on all sides.

As a growing consensus builds around the possibility of COVID-19 being man-made/lab-created Robbie and gumby4christ examine why the Wuhan Institute of Virology was scapegoated as the culprit while neocon think-tanks and other nefarious political actors (including from the 'intellectual dark web') omitted the involvement of white Americans with ties to the US bioweapons industry when rushing to characterize this possible scenario as a Chinese military bio-weapons release.

#coronavirus #wuhan

Setup for testing Android app vulnerabilities

In the previous article I documented my approach for reverse engineering an Android game. But getting my hands on the code is only one part of security research. Once a potential issue is identified, I need to verify that it is actually exploitable. So there is no way around messing with an actual live app. Ideally that has to happen in a controlled environment with emulated hardware. As before, this is mostly me writing things down for my future self, but it might come useful for other people as well.

💡 Contents

✅ Choosing a virtualization approach

✅ Setting up Android SDK

✅ Minimal proof of concept Android app

✅ Adding debugging output to the target application

https://palant.info/2021/02/22/setup-for-testing-android-app-vulnerabilities/

#setup #testing #android #app #vulnerabilities #guide
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag

DoJ Steps Up Investigation into NSO Group – Report.

The US government appears to be stepping up its investigation into a controversial spyware developer currently locked in a legal battle with WhatsApp.

Lawyers with the Department of Justice (DoJ) recently requested more technical information from the Facebook messaging business regarding its court case, a person with knowledge of the matter told The Guardian.

WhatsApp took Israeli firm NSO Group to court in the US in 2019, alleging the latter was directly responsible for cyber-espionage attacks deploying Pegasus spyware on 1400 of its users.

https://www.infosecurity-magazine.com/news/doj-steps-up-investigation-into/

📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag

Android 10 Ported To RISC-V Board Powered By Alibaba T-Head XuanTie C910 Processor

RISC-V has made a lot of progress in just a few years, but for anything requiring 3D graphics acceleration, it’s not quite there yet. and we only expect RISC-V SoC with Imagination Technologies GPU to come out later this year on hardware such as BeagleV SBC.

An OS that will definitely require 3D graphics acceleration is Android, and work has already started since T-Head, a business entity of Alibaba Group specializing in semiconductor chips, has already ported Android 10 (AOSP) on RISC-V architecture with support for graphics and the touchscreen display.

https://www.cnx-software.com/2021/01/22/android-10-ported-to-risc-v-board-powered-by-alibaba-t-head-xuantie-c910-soc/

https://www.youtube.com/watch?v=bH0sKxd0_x4


📡 @cnxsoftware
#riscv #Android

Google patches actively exploited Chrome browser zero-day vulnerability

Upgrading your Chrome build as quickly as possible is recommended.

Google has warned of reports that a zero-day vulnerability in the Chrome browser is being actively exploited in the wild.

The vulnerability, tracked as CVE-2021-21166, was reported by Alison Huffman from the Microsoft Browser Vulnerability Research team on February 11 and is described as an "object lifecycle issue in audio."

Google has labeled the vulnerability as a "high" severity security flaw and has fixed the issue in the latest Chrome release.

Alongside CVE-2021-21166, Huffman also recently reported another high-severity bug, CVE-2021-21165, another object lifestyle issue in audio problem, and CVE-2021-21163, an insufficient data validation issue in Reader Mode.

The tech giant has not revealed further details concerning how CVE-2021-21166 is being exploited, or by whom.

Google's announcement, published on Tuesday, also marked the release of Chrome 89 to the stable desktop channel for Windows, Mac, and Linux machines, which is currently rolling out. Users should upgrade to Chrome 89.0.4389.72 once available.

https://www.zdnet.com/article/google-patches-actively-exploited-chrome-browser-zero-day-vulnerability/

#google #chrome #zeroday #vulnerability
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag

How to turn off the ANDROID TRACKING SERVICES [ROOT required]

Let's start:

👉🏼 Download Termux from Google Playstore and install and open it.

Install Packages:

pkg install aapt jq tsu curl -y

( Asks for root privileges, allow this ❗️👇🏽)

cd /data/data/com.termux/files/usr/bin
cp -R aapt /system/xbin/aapt
cp -R jq /system/xbin/jq
cp  -R curl /system/xbin/curl
chmod +x /system/xbin/aapt
chmod +x /system/xbin/jq
chmod +x /system/xbin/curl

👉🏼 Download the script from here:
https://drive.google.com/drive/folders/1_G6-M8ToF0PsjY0HIrZIAVrTHT6nbptE

💡 (Please always use the latest version)

👉🏼 Unpack to 👉🏼 /sdcard and then enter the following command...:

termux-setup-storage (grant permission)

👉🏼 Then enter:

 cd /sdcard

(with root) 👇🏽

tsu

bash DisableTrackers.sh sys (Add ❗️)

After that, just reboot your device and the job is done.

#root #android #tracking #services #guide
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag

Google says once third-party cookies are toast, Chrome won't help ad networks track individuals around the web

Notes an 'erosion of trust' – gee, wonder who could be responsible for that...

Google says it will not come up with new ways to track individual netizens as they browse the web once Chrome phases out third-party cookies, commonly used for loosely observing people's online activities.

In effect, the browser will not provide ad networks – and Google runs a very large one – alternative identifiers that can be used to follow individuals around the web, though it's not clear exactly how this will impact Google, which already has a variety of ways to shadow internet users.

Early last year, Google announced a plan to kill off third-party cookies, often used to associate you with the websites you visit so that adverts tailored to your interests can be shown on pages. Google made the move after other major browser makers decided to block third-party cookies by default because the little scraps of data can be abused to subvert privacy, and after regulators made it clear they had concerns about ad tech giants Google and Facebook.

Google aims to replace third-party cookies with its Privacy Sandbox, an umbrella term for a set of proposals from Google and other ad tech firms, to allow behavioral ad targeting to continue without individualized tracking identifiers.

Instead, the ad goliath intends to target broad groups of netizens defined by a common interest – eg, jazz fans – through a system called FLoC (Federated Learning of Cohorts), and at narrower groups defined by past interest-based interaction, through a scheme called FLEDGE (First "Locally-Executed Decision over Groups.")

Google plans to start testing FLoC-based cohorts publicly via origin trials in next month's release of Chrome and to make testing available for advertisers in Q2.

The idea has alarmed the ad industry, which isn't keen to give up the ability to track people and has proposed alternatives like a new identifier based on data like email addresses, normally classified as personal information.

https://www.theregister.com/2021/03/03/google_internet_tracking_pledge/

#google #DeleteGoogle #internet #tracking #advertising #cookies #chrome #browser #thinkabout #why
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag

Brave goes after Google with privacy-first search engine

https://www.xda-developers.com/brave-search-engine-privacy-first/

https://brave.com/brave-search/

#searchengine #brave

Chrome 89 Patches Actively Exploited Vulnerability.

Google this week announced the availability of Chrome 89 in the stable channel, with patches for a total of 47 vulnerabilities, including one that has been exploited in the wild

Tracked as CVE-2021-21166, the zero-day security hole is described as a high-severity “object lifecycle issue in audio.” The bug was reported by Alison Huffman of Microsoft Browser Vulnerability Research, is the second of this type addressed in Chrome 89, alongside CVE-2021-21165, also rated high risk.

“Google is aware of reports that an exploit for CVE-2021-21166 exists in the wild,” the Internet giant notes, without providing further details on exploitation, impact, or attack vectors

The bug is only one of the 32 flaws that were reported by external researchers n patched with the release of Chrome 89

https://www.securityweek.com/chrome-89-patches-actively-exploited-vulnerability

📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag

Google Chrome: It's time to ditch the browser.

We created the monster that Google Chrome has become. Only we can destroy it.

Google Chrome is the most-used browser on the internet. The browser rose to fame as an alternative to slow, sluggish incumbents -- Internet Explorer and Safari. But Google Chrome has become the new leader, and as a result has itself become the sluggish incumbent.

It became the thing we hated. We created a monster.

I know that picking the "best" browser is a personal and potentially controversial thing. It's a bit like asking whose Mom makes the best apple pie (mine, of course), or whether it's cats or dogs that rule (cats, because dogs are just a rubbish, attention-seeking kind of cat).

https://www.zdnet.com/article/google-chrome-its-time-to-ditch-the-browser/

📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag

NY testing 'COVID passport'

With the limited resumption of sporting events at venues in New York, Madison Square Garden and the Barclays Center will be used as testing grounds for a new digital pass that could confirm the owner's COVID status. It will confirm an individual's vaccination or recent negative coronavirus test.

First tested at the Brooklyn Nets game at Barclays Center on Feb. 27, the Excelsior Pass created with IBM, was tested for a second time during the New York Rangers game on Tuesday at Madison Square Garden.

Like a mobile boarding pass, people can print out their Excelsior Pass or store it on their smartphones. The pass has a secure QR code which the venue then scans to confirm the owner's COVID status. The QR code only informs the venue if a pass is valid or invalid.

Plans are in the works for the Excelsior Pass to make its way to Apple and Google app stores.

https://www.fox5ny.com/news/ny-testing-covid-passport

#US #NewYork #covid #excelsior #pass

EFF urges Google to ground its FLoC: 'Pro-privacy' third-party cookie replacement not actually great for privacy.

'That is not the world we want, nor the one users deserve'

With the arrival of Google Chrome v89 on Tuesday, Google is preparing to test a technology called Federated Learning of Cohorts, or FLoC, that it hopes will replace increasingly shunned, privacy-denying third-party cookies.

Bennett Cyphers, staff technologist at the Electronic Frontier Foundation, argues FLoC is "a terrible idea," and urges Google to refocus its efforts on building a web that serves the people who use it.

"Instead of re-inventing the tracking wheel, we should imagine a better world without the myriad problems of targeted ads," he said in a blog post.

https://www.theregister.com/2021/03/05/eff_google_floc/

📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag

Let's Encrypt's performance is currently degraded due to a DDoS attack

Our services' performance is currently degraded due to a Distributed Denial of Service (DDoS) attack, which we are working to mitigate.

https://letsencrypt.status.io/pages/incident/55957a99e800baa4470002da/6044830be2838505358d3108

#letsencrypt #ddos #attacks
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag

How to Ditch YouTube - HERE Are The Best Video Platforms

YouTube has issues, here's how we fix them! This video explores methods of improving YouTube, as well as different platforms altogether.

Odysee: https://odysee.com/
Bitchute: https://www.bitchute.com/
PeerTube: https://joinpeertube.org/
RSS: https://zapier.com/blog/how-to-use-rss-feeds/

Techlore videos:
Odysee: https://odysee.com/@techlore:3
📹 PeerTube: https://tube.privacytools.io/accounts/techlore/video-channels

#yt #youtube #alternatives

Doosra is Helping to Create an Alternative Digital Identity.

Doosra app allows you to stay away from spam and pesky calls, messages with great ease.

Facebook, WhatsApp, Twitter, and other online media platforms have been approached to verify the identity of their users — this could be either through telephone numbers or government-provided IDs like the Aadhaar card. Putting your number online isn't only a danger even with expanding government observation. It is additionally about security and online safety since personal data can have in-real-life (IRL) outcomes like being targeted by stalkers, trolls, or individuals looking to hack into your account. “Where there is personal data, there is a great risk of hackers trying to steal it,” pointed out Mozilla in a statement.

https://www.ehackingnews.com/2021/03/doosra-is-helping-to-create-alternative.html

📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag