Forwarded from BlackBox (Security) Archiv
PWDB - New generation of Password Mass-Analysis
One out of every 142 passwords is '123456'
The '123456' password was spotted 7 million times across a data trove of one billion leaked credentials, in one of the biggest password re-use studies of its kind.
PWDB - New generation of Password Mass-Analysis
https://github.com/FlameOfIgnis/Pwdb-Public
Read more:
https://www.zdnet.com/article/one-out-of-every-142-passwords-is-123456/
#passwords #study #analysis
@cRyPtHoN_INFOSEC_DE
@cRyPtHoN_INFOSEC_EN
@NoGoolag
@BlackBox
GitHub
GitHub - ignis-sec/Pwdb-Public: A collection of all the data i could extract from 1 billion leaked credentials from internet.
Forwarded from BlackBox (Security) Archiv
How the Dark Web Drug Supply Has Responded to COVID-19
The darknet drug markets suffered initial disruptions in shipment speeds before recovering to become more efficient than legitimate supply chain systems.
Like legitimate supply chains, dark web drug markets depend on substance imports from China, and the coronavirus pandemic led to closure of Chinese chemical supply firms and factories.
Importantly, drug dealers depend on legitimate trade routes to sustain their illicit commercial activities. The fact that EU borders remained open did not make things better for most of the darknet and legitimate supply chains as shipping capacities took a nose dive.
Nonetheless, although the coronavirus-related restrictions seemed to freeze operations across the global drug supply chains, the situation in the dark web economy was different. Mexican drug cartels suffered from the pandemic's economic ramifications as user buying power tanked - meanwhile, the darknet drug markets did not really suffer a serious dent in drug sales.
(Tor-Browser)
http://tapeucwutvne7l5o.onion/how-the-dark-web-drug-supply-has-responded-to-covid-19
Online Drug Markets Are Entering a 'Golden Age'
https://www.vice.com/en_us/article/dyz3v7/online-drug-markets-are-entering-a-golden-age
Vaccine for COVID-19 and Other Scams on the Dark Web
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/vaccine-for-covid-19-and-other-scams-on-the-dark-web/
(PDF) From Dealer to Doorstep - How Drugs Are Sold On the Dark Net
https://www.swansea.ac.uk/media/From-Dealer-to-Doorstep-%C3%A2%C2%80%C2%93-How-Drugs-Are-Sold-On-the-Dark-Net.pdf
(PDF) EMCDDA AND EUROPOL ANALYSE IMPACT OF PANDEMIC ON EU DRUG MARKETS
https://www.emcdda.europa.eu/system/files/attachments/13099/COVID19_DrugMarkets_EMCDDA_Europol_Final_web.pdf
#darknet #markets #drugs #europol #covid #study #pdf
@cRyPtHoN_INFOSEC_DE
@cRyPtHoN_INFOSEC_EN
@BlackBox_Archiv
@NoGoolag
Vice
Online Drug Markets Are Entering a 'Golden Age'
VICE News analysis shows darknet drug markets are emerging from coronavirus lockdown stronger than ever, with increased sales and more robust defences against hackers.
Forwarded from BlackBox (Security) Archiv
Is the web getting slower?
A story on Hacker News recently argued that webpage speeds haven't improved, even as internet speeds have gone up.
This article explains why that conclusion can't be drawn from the original data.
We'll also look at how devices and the web have changed over the past 10 years, and what those changes have meant for web performance.
https://www.debugbear.com/blog/is-the-web-getting-slower
The Need for Speed, 23 Years Later:
https://www.nngroup.com/articles/the-need-for-speed/
#webpage #speed #internet #study #report #thinkabout
@cRyPtHoN_INFOSEC_DE
@cRyPtHoN_INFOSEC_EN
@BlackBox_Archiv
@NoGoolag
Debugbear
Is The Web Getting Slower? | DebugBear
As consumer devices and internet speeds become faster, websites become larger and more complex. Is website performance getting worse overall?
Forwarded from BlackBox (Security) Archiv
Internet history can be used for "reidentification" finds study by Mozilla
A recent research paper has reaffirmed that our internet history can be reliably used to identify us. The research was conducted by Sarah Bird, Ilana Segall, and Martin Lopatka from Mozilla and is titled: Replication: Why We Still Can't Browse in Peace: On the Uniqueness and Reidentifiability of Web Browsing Histories. The paper was released at the Symposium on Usable Privacy and Security and is a continuation of a 2012 paper that highlighted the same reidentifiability problem.
Just your internet history can be used to reidentify you on the internet
Using data from 52,000 consenting Firefox users, the researchers were able to identify 48,919 distinct browsing profiles which had 99% uniqueness.
This is especially concerning because internet history is routinely sold by your internet service provider (ISP) and mobile data provider to third party advertising and marketing firms which are demonstrably able to tie a list of sites back to an individual they already have a profile on - even if the ISP claims to be "anonymizing" the data being sold. This is a legally sanctioned activity ever since 2017 when Congress voted to get rid of broadband privacy and allow the monetization of this type of data collection.
This type of "history-based profiling" is undoubtedly being used to build ad profiles on internet users around the world. Previous studies have shown that an IP address usually stays static for about a month - which the researchers noted: "is more than enough time to build reidentifiable browsing profiles."
(PDF)
https://www.usenix.org/system/files/soups2020-bird.pdf
https://www.cozyit.com/internet-history-can-be-used-for-reidentification-finds-study-by-mozilla/
#mozilla #study #research #internet #history #reidentification #thinkabout #pdf
@cRyPtHoN_INFOSEC_DE
@cRyPtHoN_INFOSEC_EN
@BlackBox_Archiv
@NoGoolag
Forwarded from BlackBox (Security) Archiv
No, the Darknet is not the stronghold of all evil!
The anonymization service Tor can be used for good and for bad; a study examines which outweighs the other. However, it goes badly wrong.
To obtain information about the usage patterns of the Tor network, scientists Eric Jardine (Virginia Tech/USA), Andrew Lindner (Skidmore College/USA) and Gareth Owenson (University of Portsmouth/UK) operated about 1 percent of the Tor entry nodes for about seven months between December 31, 2018, and August 18, 2019, and studied the connections that were made there.
https://www.pnas.org/content/early/2020/11/24/2011893117
#tor #darknet #study #thinkabout
@cRyPtHoN_INFOSEC_DE
@cRyPtHoN_INFOSEC_EN
@BlackBox_Archiv
@NoGoolag
Forwarded from BlackBox (Security) Archiv
pgpp-arxiv20.pdf
7.1 MB
Pretty Good Phone Privacy
To receive service in today's cellular architecture, phones uniquely identify themselves to towers and thus to operators. This is now a cause of major privacy violations, as operators sell and leak identity and location data of hundreds of millions of mobile users.
In this paper, we take an end-to-end perspective on the cellular architecture and find key points of decoupling that enable us to protect user identity and location privacy with no changes to physical infrastructure, no added latency, and no requirement of direct cooperation from existing operators.
https://raghavan.usc.edu/papers/pgpp-arxiv20.pdf
#phone #privacy #study #pdf
@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv
@NoGoolag
Forwarded from BlackBox (Security) Archiv
EPRS_STU(2021)656336_EN.pdf
3.6 MB
Online platforms: Economic and societal effects
Online platforms such as #Google, #Amazon, and #Facebook play an increasingly central role in the economy and society. They operate as digital intermediaries across interconnected sectors and markets subject to network effects. These firms have grown to an unprecedented scale, propelled by data-driven business models. Online platforms have a massive impact on individual users and businesses, and are recasting the relationships between customers, advertisers, workers and employers.
https://www.europarl.europa.eu/RegData/etudes/STUD/2021/656336/EPRS_STU(2021)656336_EN.pdf
#online #platforms #study #pdf
@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv
@NoGoolag
Forwarded from BlackBox (Security) Archiv
Mass Extraction: The Widespread Power of U.S. Law Enforcement to Search Mobile Phones
Every day, law enforcement agencies across the country search thousands of cellphones, typically incident to arrest. To search phones, law enforcement agencies use mobile device forensic tools (MDFTs), a powerful technology that allows police to extract a full copy of data from a cellphone - all emails, texts, photos, location, app data, and more - which can then be programmatically searched. As one expert puts it, with the amount of sensitive information stored on smartphones today, the tools provide a "window into the soul."
This report documents the widespread adoption of MDFTs by law enforcement in the United States. Based on 110 public records requests to state and local law enforcement agencies across the country, our research documents more than 2,000 agencies that have purchased these tools, in all 50 states and the District of Columbia. We found that state and local law enforcement agencies have performed hundreds of thousands of cellphone extractions since 2015, often without a warrant. To our knowledge, this is the first time that such records have been widely disclosed.
Every American is at risk of having their phone forensically searched by law enforcement.
https://www.upturn.org/reports/2020/mass-extraction/
Read as well:
https://www.eff.org/deeplinks/2021/03/fbi-should-stop-attacking-encryption-and-tell-congress-about-all-encrypted-phones
#usa #fbi #lawenforcement #massextraction #MDFT #mobilephones #cellphones #encryption #decryption #study #thinkabout
@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv
@NoGoolag
Upturn
Mass Extraction | Upturn
This report is the most comprehensive examination of U.S. law enforcement's use of mobile device forensic tools.
Forwarded from BlackBox (Security) Archiv
apple_google.pdf
1.4 MB
Mobile Handset Privacy: Measuring The Data iOS and Android Send to Apple And Google
We find that even when minimally configured and the handset is idle both iOS and Google Android share data with Apple/Google on average every 4.5 mins.
The phone IMEI, hardware serial number, SIM serial number and IMSI, handset phone number, etc. are shared with Apple and Google. Both iOS and Google Android transmit telemetry, despite the user explicitly opting out of this.
When a SIM is inserted both iOS and Google Android send details to Apple/Google. iOS sends the MAC addresses of nearby devices, e.g. other handsets and the home gateway, to Apple together with their GPS location. Currently there are few, if any, realistic options for preventing this data sharing.
https://www.scss.tcd.ie/doug.leith/apple_google.pdf
#apple #google #study #telemetry #data #mobilephones #pdf
@nogoolag @blackbox_archiv
Forwarded from BlackBox (Security) Archiv
ndss2021_1C-3_23159_paper.pdf
430.5 KB
All the Numbers are US: Large-scale Abuse of Contact Discovery in Mobile Messengers
Contact discovery allows users of mobile messengers to conveniently connect with people in their address book.
In this work, we demonstrate that severe privacy issues exist in currently deployed contact discovery methods.
Our study of three popular mobile messengers (WhatsApp, Signal, and Telegram) shows that, contrary to expectations, large-scale crawling attacks are (still) possible. Using an accurate database of mobile phone number prefixes and very few resources, we have queried 10 % of US mobile phone numbers for WhatsApp and 100 % for Signal. For Telegram we find that its API exposes a wide range of sensitive information, even about numbers not registered with the service.
https://www.ndss-symposium.org/wp-content/uploads/ndss2021_1C-3_23159_paper.pdf
#contact #messenger #telegram #whatsapp #signal #crawling #attacks #study #pdf
@nogoolag @blackbox_archiv
Source for the above Pfizer study:
https://www.medrxiv.org/content/10.1101/2021.07.28.21261159v1
#pfizer #study
medRxiv
Six Month Safety and Efficacy of the BNT162b2 mRNA COVID-19 Vaccine
Background BNT162b2 is a lipid nanoparticle-formulated, nucleoside-modified RNA vaccine encoding a prefusion-stabilized, membrane-anchored SARS-CoV-2 full-length spike protein. BNT162b2 is highly efficacious against COVID-19 and is currently authorized for…
A study in 2014 conducted by none other than the NIH, found that cloth mask penetration was 97%, and that moisture retention and reuse of cloth masks can actually increase the risk of infection!!!
Source: https://pubmed.ncbi.nlm.nih.gov/25903751/
#mask #study #nih
On the contrary, a study says COVID-19 deaths remain extremely rare in children and young people - with most fatalities occurring within 30 days of infection and in children with specific underlying conditions
https://papers.ssrn.com/sol3/papers.cfm?abstract_id=4125501
#covid #poison #booster #children #kids #fauci #study #scamdemic #comorbidities