Forwarded from NoGoolag
■■■■□ Seven things we learned from #WhatsApp vs. #NSO Group #pegasus spyware lawsuit.
https://techcrunch.com/2025/05/13/seven-things-we-learned-from-whatsapp-vs-nso-group-spyware-lawsuit/
https://techcrunch.com/2025/05/13/seven-things-we-learned-from-whatsapp-vs-nso-group-spyware-lawsuit/
TechCrunch
Eight things we learned from WhatsApp vs. NSO Group spyware lawsuit | TechCrunch
The landmark trial between WhatsApp and NSO Group unearthed several new revelations.
Forwarded from NoGoolag
NoGoolag
■■■■□ Seven things we learned from #WhatsApp vs. #NSO Group #pegasus spyware lawsuit. https://techcrunch.com/2025/05/13/seven-things-we-learned-from-whatsapp-vs-nso-group-spyware-lawsuit/
■■■■□ Jewish NSO group Fallout.
NSO Group developed a specialized system called the WhatsApp Installation Server (WIS) to deploy its Pegasus spyware. This server sent malformed messages through WhatsApp's infrastructure, mimicking legitimate traffic. These messages exploited vulnerabilities in WhatsApp's code, causing target devices to reach out to NSO-controlled servers and install the spyware—all without user interaction.
To achieve this, NSO reverse-engineered WhatsApp, extracting and decompiling its code to craft messages that a standard client couldn't send. These techniques violated WhatsApp's Terms of Service and applicable laws.
NSO admitted to developing multiple exploit vectors, including Eden and Erised, which were part of a suite called Hummingbird. Notably, Erised was developed and used even after WhatsApp filed its lawsuit in 2019, continuing until WhatsApp implemented server-side patches in May 2020.
Additionally, NSO leased infrastructure from Amazon Web Services (AWS) starting in December 2018 to support its operations. AWS terminated these services in 2021 after being alerted to their misuse.
This case underscores the sophisticated methods employed by NSO to exploit communication platforms and the challenges in defending against such advanced threats.
Forwarded from NoGoolag
NoGoolag
■■■■□ Jewish NSO group Fallout. NSO Group developed a specialized system called the WhatsApp Installation Server (WIS) to deploy its Pegasus spyware. This server sent malformed messages through WhatsApp's infrastructure, mimicking legitimate traffic. These…
■■■■□ NSO Fallout
Between April and May 2019, NSO Group's Pegasus spyware targeted 1,223 WhatsApp users across 51 countries. The distribution of victims by country is as follows:
Country Number of Victims
Mexico 456
India 100
Bahrain 82
Morocco 69
Pakistan 58
Indonesia 54
Israel 51
Spain 12
Netherlands 11
Hungary 8
France 7
United Kingdom 2
United States 1
The majority of these victims were journalists, human rights defenders, and members of civil society. Notably, 456 victims were in Mexico, highlighting the extensive reach of the spyware.
A visual map detailing the global distribution of these victims was published by Amnesty International and other research groups.
This data underscores the widespread misuse of Pegasus spyware against individuals in numerous countries.
Forwarded from NoGoolag
NoGoolag
■■■■□ NSO Fallout Between April and May 2019, NSO Group's Pegasus spyware targeted 1,223 WhatsApp users across 51 countries. The distribution of victims by country is as follows: Country Number of Victims Mexico 456 India 100 Bahrain 82 Morocco 69 Pakistan…
■■■■■ Here's a full technical rewrite of the WhatsApp vs. NSO Group spyware case, focusing on CVE-2019-3568, its exploitation logic, and WhatsApp’s patch implementation:
➿➿
Remote, via malformed RTCP (Real-time Transport Control Protocol) packets sent during a WhatsApp voice call
Remote Code Execution (RCE) in WhatsApp process without user interaction (zero-click)
Android and iOS WhatsApp clients
➿➿
1. Target Surface
Exploit leverages the libSRTP-based VoIP stack, which handles RTCP packets used for session feedback and control in encrypted voice calls.
RTCP parsing logic failed to sanitize certain control fields, especially those related to extended report block lengths and payload types.
2. Exploit Algorithm Flow
1. Attacker initiates WhatsApp voice call to target (call never needs to be answered).
2. During SIP/VoIP session setup, attacker injects a malformed RTCP packet:
- Payload includes an extended report (XR) with a length field that causes heap corruption.
- The data pointer is shifted to point into a controlled heap region.
3. Heap spray is used prior to the call to fill memory with ROP gadgets or shellcode.
4. WhatsApp’s VoIP thread parses the corrupted RTCP payload:
- Triggers a buffer overflow
- Hijacks return address via overwritten heap metadata
5. Final stage loader downloads and injects the Pegasus spyware binary into user space.
➿➿
A lack of proper bounds checking in srtp_unprotect() when handling compound RTCP packet lengths.
Specifically, incorrect handling of:
block_length in XR headers
packet size mismatch vs actual read buffer
ASLR and DEP were bypassed using dynamic heap shaping and ROP chains tailored to the victim’s device/OS version.
➿➿
Patch Details (May 2019)
WhatsApp Patch Analysis
Introduced stricter validation in the VoIP media engine:
Validated block_length and total_length fields in RTCP/XR headers
Rejected malformed RTCP packets that exceeded expected control sizes
Recompiled the VoIP library with stack canaries, PIE, RELRO, and hardened malloc on Android and iOS
Moved critical parsing logic out of untrusted network threads into a sandboxed process (in newer versions)
Net Result
Fully blocked the RTCP overflow path
Rendered Pegasus’s existing payload delivery channel ineffective
Led NSO to shift to other attack chains (like the “Heaven” WhatsApp impersonation method)
➿➿
Tool Purpose
🤍WIS WhatsApp impersonator client (Heaven)
🤍Q&Q Toolset RTCP generator and packet modifier
🤍Pegasus Final payload with device takeover
🤍TraceStitch Heap layout prediction & ROP generator
➿➿
➿➿
CVE-2019-3568 – WhatsApp VoIP Stack RCEExploit Summary
CVE-ID: CVE-2019-3568
Vulnerability Type: Memory corruption – heap-based buffer overflow
Attack Vector:
Remote, via malformed RTCP (Real-time Transport Control Protocol) packets sent during a WhatsApp voice call
Impact:
Remote Code Execution (RCE) in WhatsApp process without user interaction (zero-click)
Platform:
Android and iOS WhatsApp clients
Patched:WhatsApp v2.19.134 (Android) and v2.19.51 (iOS), May 2019.
➿➿
Exploitation Logic
1. Target Surface
Exploit leverages the libSRTP-based VoIP stack, which handles RTCP packets used for session feedback and control in encrypted voice calls.
RTCP parsing logic failed to sanitize certain control fields, especially those related to extended report block lengths and payload types.
2. Exploit Algorithm Flow
1. Attacker initiates WhatsApp voice call to target (call never needs to be answered).
2. During SIP/VoIP session setup, attacker injects a malformed RTCP packet:
- Payload includes an extended report (XR) with a length field that causes heap corruption.
- The data pointer is shifted to point into a controlled heap region.
3. Heap spray is used prior to the call to fill memory with ROP gadgets or shellcode.
4. WhatsApp’s VoIP thread parses the corrupted RTCP payload:
- Triggers a buffer overflow
- Hijacks return address via overwritten heap metadata
5. Final stage loader downloads and injects the Pegasus spyware binary into user space.
➿➿
Vulnerability Root Cause
A lack of proper bounds checking in srtp_unprotect() when handling compound RTCP packet lengths.
Specifically, incorrect handling of:
block_length in XR headers
packet size mismatch vs actual read buffer
ASLR and DEP were bypassed using dynamic heap shaping and ROP chains tailored to the victim’s device/OS version.
➿➿
Patch Details (May 2019)
WhatsApp Patch Analysis
Introduced stricter validation in the VoIP media engine:
Validated block_length and total_length fields in RTCP/XR headers
Rejected malformed RTCP packets that exceeded expected control sizes
Recompiled the VoIP library with stack canaries, PIE, RELRO, and hardened malloc on Android and iOS
Moved critical parsing logic out of untrusted network threads into a sandboxed process (in newer versions)
Net Result
Fully blocked the RTCP overflow path
Rendered Pegasus’s existing payload delivery channel ineffective
Led NSO to shift to other attack chains (like the “Heaven” WhatsApp impersonation method)
➿➿
Notable Tools Used by NSO Group
Tool Purpose
🤍WIS WhatsApp impersonator client (Heaven)
🤍Q&Q Toolset RTCP generator and packet modifier
🤍Pegasus Final payload with device takeover
🤍TraceStitch Heap layout prediction & ROP generator
➿➿
Forensics Indicators
Malformed rtcp packets seen in logs: unusual XR block types and lengths.WhatsApp crash logs showing access violation in libwhatsapp.so VoIP thread.Outbound connections to AWS/Vultr endpoints post-exploitation.Forwarded from NoGoolag
Introducing oniux: Kernel-level Tor isolation for any Linux app
https://blog.torproject.org/introducing-oniux-tor-isolation-using-linux-namespaces/
https://blog.torproject.org/introducing-oniux-tor-isolation-using-linux-namespaces/
blog.torproject.org
Introducing oniux: Kernel-level Tor isolation for any Linux app | Tor Project
Introducing oniux: Kernel-level Tor isolation for any Linux app. This torsocks alternative uses namespaces to isolate Linux applications over the Tor network and eliminate data leaks.
Forwarded from Derrick Broze's Daily News
Decentralization in Action: Odysee Welcomes the Independent Media Alliance to Portal
At Odysee, we’ve always believed in giving creators the tools to control their own destinies. That’s why we’re thrilled to announce that the Independent Media Alliance (IMA) - a coalition led by Whitney Webb, Derrick Broze, and Ryan Cristián - will soon be launching its own Portal within our emerging Decentralized Media Ecosystem (DME).
This is more than just a new partnership. It’s a powerful demonstration of what’s possible when independent voices are equipped with the right tools to protect their editorial integrity and speak directly to their communities - without relying on the whims of centralized platforms or algorithmic gatekeepers.
https://odysee.com/@Odysee:8/welcomestheindependentmediaalliancetoportal:b
At Odysee, we’ve always believed in giving creators the tools to control their own destinies. That’s why we’re thrilled to announce that the Independent Media Alliance (IMA) - a coalition led by Whitney Webb, Derrick Broze, and Ryan Cristián - will soon be launching its own Portal within our emerging Decentralized Media Ecosystem (DME).
This is more than just a new partnership. It’s a powerful demonstration of what’s possible when independent voices are equipped with the right tools to protect their editorial integrity and speak directly to their communities - without relying on the whims of centralized platforms or algorithmic gatekeepers.
https://odysee.com/@Odysee:8/welcomestheindependentmediaalliancetoportal:b
Odysee
Decentralization in Action: Odysee Welcomes the Independent Media Alliance to Portal
View on Odysee: Decentralization in Action: Odysee Welcomes the Independent Media Alliance to Portal
Forwarded from NoGoolag
IMA: Artificial Intelligence And Its Influence On Research/Investigation
Today the Independent Media Alliance (#IMA) brings you a panel focusing on artificial intelligence and the many ways that it is influencing or entirely changing research and investigation, as well as the world at large. There are many powerful benefits that can come from utilizing #AI in research and very serious concerns many of us share about the potential downsides to its use as well. We will be taking an objective look at both the concerns and benefits.
Far too many seem to be taking the responses of AI chat bots at face value, with little or no interrogation, due to those behind their creation. Others will outright dismiss a data point due to its AI origin with no further investigation.
Today we will discuss how this tool is being used, how it may be influencing those who use it, and whether this AI future is indeed inevitable.
https://odysee.com/@theconsciousresistance:7/IMA-Artificial-Intelligence:0
https://www.bitchute.com/video/Hi1jwqw48zns
https://www.youtube.com/watch?v=GlzcEH4xJvs
Today the Independent Media Alliance (#IMA) brings you a panel focusing on artificial intelligence and the many ways that it is influencing or entirely changing research and investigation, as well as the world at large. There are many powerful benefits that can come from utilizing #AI in research and very serious concerns many of us share about the potential downsides to its use as well. We will be taking an objective look at both the concerns and benefits.
Far too many seem to be taking the responses of AI chat bots at face value, with little or no interrogation, due to those behind their creation. Others will outright dismiss a data point due to its AI origin with no further investigation.
Today we will discuss how this tool is being used, how it may be influencing those who use it, and whether this AI future is indeed inevitable.
https://odysee.com/@theconsciousresistance:7/IMA-Artificial-Intelligence:0
https://www.bitchute.com/video/Hi1jwqw48zns
https://www.youtube.com/watch?v=GlzcEH4xJvs
Odysee
IMA: Artificial Intelligence And Its Influence On Research/Investigation
Today the Independent Media Alliance (IMA) brings you a panel focusing on artificial intelligence and the many ways that it is influencing or entirely changing research and investigation, as well as t...
Forwarded from Derrick Broze's Daily News
Going to listen to this tonight.
An Interview With the Herald of the Apocalypse
Is artificial intelligence about to take your job? According to Daniel Kokotajlo, the executive director of the A.I. Futures Project, that should be the least of your worries. Kokotajlo was once a researcher for OpenAI, but left after losing confidence in the company’s commitment to A.I. safety. This week, he joins Ross to talk about “AI 2027,” a series of predictions and warnings about the risks A.I. poses to humanity in the coming years, from radically transforming the economy to developing armies of robots.
https://www.podbean.com/media/share/dir-cwcj6-2570ccb8
An Interview With the Herald of the Apocalypse
Is artificial intelligence about to take your job? According to Daniel Kokotajlo, the executive director of the A.I. Futures Project, that should be the least of your worries. Kokotajlo was once a researcher for OpenAI, but left after losing confidence in the company’s commitment to A.I. safety. This week, he joins Ross to talk about “AI 2027,” a series of predictions and warnings about the risks A.I. poses to humanity in the coming years, from radically transforming the economy to developing armies of robots.
https://www.podbean.com/media/share/dir-cwcj6-2570ccb8
Podbean
An Interview With the Herald of the Apocalypse
Is artificial intelligence about to take your job? According to Daniel Kokotajlo, the executive director of the A.I. Futures Project, that should be the least of your worries. Kokotajlo was once a researcher for OpenAI, but left after losing confidence in…
Forwarded from NoGoolag
This media is not supported in your browser
VIEW IN TELEGRAM
Google presents LightLab: https://nadmag.github.io/LightLab/
Controlling Light Sources in Images with Diffusion Models
Controlling Light Sources in Images with Diffusion Models
Forwarded from Gizchina.com
US Lawmakers Push to Stop Huawei’s HarmonyOS From Spreading Globally
https://www.gizchina.com/2025/05/17/us-lawmakers-push-to-stop-huaweis-harmonyos-from-spreading-globally/
https://www.gizchina.com/2025/05/17/us-lawmakers-push-to-stop-huaweis-harmonyos-from-spreading-globally/
No deleted account found from
53 scanned users from this group 🚫👻Forwarded from 𝗽𝗼𝗽𝗠𝗢𝗗𝗦 | 𝗙𝗢𝗦𝗦, 𝗟𝗶𝗳𝗲, 𝗠𝗲𝗺𝗲𝘀 (Ömer)
spotify-qt
An unofficial Spotify client using Qt as a simpler, lighter alternative to the official client. Please note that you need an actual Spotify client running, for example librespot, which can be configured from within the app.
🔗 Links:
- Download
- Screenshot
- Source code
Developer: kraxie
Special thanks to @ketsblog for post
🏷 Tags: #Linux #Windows #Music
An unofficial Spotify client using Qt as a simpler, lighter alternative to the official client. Please note that you need an actual Spotify client running, for example librespot, which can be configured from within the app.
🔗 Links:
- Download
- Screenshot
- Source code
Developer: kraxie
Special thanks to @ketsblog for post
❤️ Support the Project
If this project makes your life easier, here are a few quick ways to show some love:
⭐ Star the repo/app
☕ Buy a coffee for the developer
🛠 Contribute code, issues, or pull-requests
🏷 Tags: #Linux #Windows #Music
Forwarded from Hacker News
X (formerly Twitter)
LaurieWired (@lauriewired) on X
What if humanity forgot how to make CPUs?
Imagine Zero Tape-out Day (Z-Day), the moment where no further silicon designs ever get manufactured. Advanced core designs fare out very badly.
Assuming we keep our existing supply, here’s how it would play out:
Imagine Zero Tape-out Day (Z-Day), the moment where no further silicon designs ever get manufactured. Advanced core designs fare out very badly.
Assuming we keep our existing supply, here’s how it would play out:
Forwarded from Hacker News
Forwarded from Hacker News
Forwarded from Hacker News
Forwarded from Hacker News