Forwarded from BlackBox (Security) Archiv
Audit-Protokoll-Analysis with Palantir Gotham
https://archive.org/details/youtube-i4f381YNQdQ
#BigData #surveillance #police #eu #palantir #software #gotham #peterthiel #ebay
@cRyPtHoN_INFOSEC_DE
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_ES
@FLOSSb0xIN
Forwarded from BlackBox (Security) Archiv
Kasper-Spy: Kaspersky Anti-Virus puts users at risk
Kaspersky promises security and data protection. However, a data leak allowed third parties to spy on users while they were surfing the web. For years.
A strange discovery on my office computer led me to unearth an astonishing data leak caused by Kaspersky's antivirus software. Originally, I had installed the software in order to experience the promised added value during everyday use. We, journalists at c't magazine, regularly test antivirus software, and this was part of a test for our c't issue 3/2019.
The following weeks and months seemed to offer little excitement – the Kaspersky software worked essentially as well or as badly as Windows Defender. One day, however, I made a strange discovery. I looked at the HTML source code of an arbitrary website and came across the following line of code:
<script type="text/javascript" src="https://gc.kis.v2.scr.kaspersky-labs.com/9344FDA7-AFDF-4BA0-A915-4D7EEB9A6615/main.js" charset="UTF-8"></script>
Obviously, an external JavaScript script named main.js was being loaded from a Kaspersky domain. This is not uncommon, since a website nowadays hardly works without external JavaScript resources. However, when I checked the HTML source of other websites displayed in my browser, I found the strange code on each and every page. Without exception, even on the website of my bank, a script from Kaspersky was introduced. So I had an inkling that the Kaspersky software might have something to do with it.
To investigate, I experimented with web browsers Firefox, Edge, and Opera. Again, the same line of code popped up everywhere. Since I had no suspicious browser extensions installed which could be responsible, the simple conclusion was that Kaspersky's virus protection was manipulating my traffic. Without my permission, it was injecting that code. Before that day, I had observed such behaviour only from online banking Trojans. That is malware built to manipulate bank websites, for example to secretly change the recipient of a money transfer. But what the heck was Kaspersky doing there?
My first examination of Kaspersky's script main.js showed me that, among other things, it displays green icons with Google search results if Kaspersky believes the relevant link to lead to a clean website. This could have been the end of my analysis, but there was this one small detail: The address from which the Kaspersky script was loaded contained a suspicious string:
https://gc.kis.v2.scr.kaspersky-labs.com/9344FDA7-AFDF-4BA0-A915-4D7EEB9A6615/main.js
The part marked bold has a characteristic pattern. The structure matches a so-called Universally Unique Identifier (UUID). These IDs are used to make things, well, uniquely identifiable. But who or what can be identified using the Kaspersky ID?
I expanded my experiment and installed the Kaspersky software on other computers. Kaspersky also injected JavaScript on those other systems. However, I discovered a crucial difference: The UUID in the source address was different on each system. The IDs were persistent and did not change, even several days later. So it was clear that each computer had its own permanently assigned ID.
Read more:
https://www.heise.de/ct/artikel/Kasper-Spy-Kaspersky-Anti-Virus-puts-users-at-risk-4496138.html
#Kaspersky #AntiVirus #software #Spy #DataLeak
Forwarded from BlackBox (Security) Archiv
30 506 internet domain names shut down for intellectual property infringement
Law enforcement #authorities from 18 #EU Member States and third parties in a joint investigation with #Europol and the US National Intellectual Property Rights Coordination Centre, facilitated by #Eurojust and #INTERPOL, have #seized over 30 506 #domain names that distributed #counterfeit and #pirated items over the internet during operation #IOSX. These included counterfeit #pharmaceuticals and pirated #movies, illegal #television #streaming, #music, #software, #electronics, and other bogus products.
3 arrests and 26 000 luxury products seized
During the investigation, officials arrested 3 suspects, seized 26 000 luxury products (clothes, perfumes), 363 litres of alcoholic beverages, and many hardware devices. They identified and froze more than €150 000 in several bank accounts and online payment platforms.
Europol's Intellectual Property Crime Coordinated Coalition (IPC³) supported the investigation on the ground by deploying experts with a mobile office. Europol officers carried out real-time information exchange and cross-checks of the data gathered during the course of the action against Europol's databases. In addition, #IPC3 experts organised several online investigation techniques training courses in intellectual property infringements in 2019 with law enforcement authorities all over #Europe.
Read more:
https://www.europol.europa.eu/newsroom/news/30-506-internet-domain-names-shut-down-for-intellectual-property-infringement
@BlackBox_Archiv
Forwarded from BlackBox (Security) Archiv
CCC analyses Munich's state trojan FinSpy
The technical #analysis of copies of the #FinSpy #malware substantiates the reasons for the criminal complaint against the Munich manufacturer of the #StateTrojan. The #CCC publishes its report as well as several variants of FinSpy and a complete documentation of the analysis.
#Security researchers of the Chaos Computer Club (CCC) have analyzed a total of 28 copies of the #spy-#software FinSpy for #Android from 2012 to 2019. The main focus of the investigation was the origin of the malware and the date of its production. The reason for the investigation is the criminal complaint of the Gesellschaft für Freiheitsrechte (GFF) and other organizations against the German group of companies #FinFisher because of the deliberate violation of licensing requirements for dual-use software according to § 18 para. 2 No. 1 and § 18 para. 5 No. 1 Foreign Trade Act (AWG).
The CCC today publishes its comprehensive report: Evolution of a private sector malware for governmental players
The result of the analysis is that a copy of malware, which according to the GFF was used against the Turkish opposition movement in 2016, was clearly created after the EU export control regulations for surveillance software came into force.
By comparing it with over twenty other copies from a seven-year period, the CCC shows continuity in the further development into which this copy fits. This is seen as a strong indication that it is a variant of the state Trojan "FinSpy". FinSpy is a product of the FinFisher group of companies, which has branches in Munich and elsewhere.
In its report, the CCC also documents references to German-speaking developers that can be found in the source code.
"Our analysis shows that surveillance software originally from Germany was apparently used against democratic dissidents," said Linus Neumann, one of the authors of the analysis. "How this could have come about, the public prosecutor's office and the customs criminal office must now clarify."
https://github.com/linuzifer/FinSpy-Dokumentation
https://github.com/devio/FinSpy-Tools
Read more:
https://www.ccc.de/de/updates/2019/finspy
Forwarded from BlackBox (Security) Archiv
Open Source Guides
Open source software is made by people just like you. Learn how to launch and grow your project.
Open Source Guides are a collection of resources for individuals, communities, and companies who want to learn how to run and contribute to an open source project.
Read more:
https://opensource.guide/
https://github.com/github/opensource.guide#readme
#OpenSource #software #guide
Forwarded from BlackBox (Security) Archiv
Many Police Departments Have Software That Can Identify People In Crowds
BriefCam, a facial recognition and surveillance video analysis company, sells the ability to surveil protesters and enforce social distancing – without the public knowing.
As protesters demand an end to police brutality and the coronavirus pandemic sweeps the nation, police departments around the country are using software that can track and identify people in crowds from surveillance footage – often with little to no public oversight or knowledge.
Dozens of cities around the country are using BriefCam, which sells software that allows police to comb through surveillance footage to monitor protests and enforce social distancing, and almost all of these cities have hosted protests against police brutality in the weeks since George Floyd was killed in police custody, BuzzFeed News has found.
Some of the cities using BriefCam's technology – such as New Orleans and St. Paul – have been the site of extreme police violence, with officers using rubber bullets, tear gas, and batons on protesters. Authorities in Chicago; Boston; Detroit; Denver; Doral, Florida; Hartford, Connecticut; and Santa Fe County, New Mexico have also used it.
Some cities said they were not using BriefCam in conjunction with the protests or the pandemic. The St. Paul Police Department told BuzzFeed News that it has not used BriefCam "to detect social distancing or face masks" or "for crowd detection/monitoring protests." The department representative did not respond when asked if there is department policy that prevents it.
BriefCam shows the line between contact tracing, policing, and surveillance can be thin – as cities can spend tens of thousands of dollars for powerful technology, with few restrictions on how police can use it.
BriefCam did not return multiple requests for comment or respond to a detailed list of questions.
https://www.buzzfeednews.com/article/carolinehaskins1/police-software-briefcam
https://www.crunchbase.com/organization/briefcam#section-funding-rounds
https://www.briefcam.com/company/about/
Read more (German):
https://netzpolitik.org/2020/briefcam-dutzende-staedte-in-den-usa-haben-gesichtserkennung-fuer-demonstrationen/
#usa #surveillance #police #software #BriefCam #thinkabout
Forwarded from BlackBox (Security) Archiv
ISP Ordered to Hand Over Pirates' Details After Cracked Software 'Phoned Home'
Alleged pirates who installed cracked copies of expensive Siemens CAD tools on their computers are facing potentially huge settlement demands after the software "phoned home" informing the company of the illicit use. The Australian Federal Court has ordered ISP Telstra to hand over the personal details of the suspected infringers.
Reports of movie companies tracking down alleged pirates in order to extract cash settlements are commonplace today.
After IP addresses are monitored in BitTorrent swarms, companies regularly obtain court orders requiring ISPs to hand over the personal details of alleged infringers, to whom they send correspondence threatening a lawsuit, unless they pay up of course.
On first view, a case in Australia seems to follow a similar pattern but the details reveal a more interesting set of circumstances.
In an application filed at the Federal Court in Australia, Siemens Industry Software Inc asked the Court to compel local ISP Telstra to reveal the identities and personal details of "20 potential infringing users" who used "cracked" versions of its software.
However, instead of tracking these alleged pirates in BitTorrent swarms, Siemens obtained evidence of their infringement directly from their computers.
Read more:
https://torrentfreak.com/isp-ordered-to-hand-over-pirates-details-after-cracked-software-phoned-home-200629/
#isp #australia #pirates #software #cracked
@NoGoolag
@BlackBox
Forwarded from BlackBox (Security) Archiv
Report: Hundreds of apps have hidden tracking software used by the government
A new report exposes how a federal contractor secretly puts government tracking software into hundreds of mobile apps.
The data gleaned from this tracking is then sold back to the US government for undisclosed purposes.
This tactic is deceptive because the tracking isn't disclosed. However, it appears to be totally legal.
A new report today from The Wall Street Journal exposes yet another concerning development when it comes to mobile phone tracking. According to the report, at least one federal contractor puts government tracking software in over 500 mobile applications.
The contractor – a Virginia-based company called Anomaly Six LLC – pays mobile developers to include its in-house tracking code within their apps. The trackers then collect anonymized data from our phones and Anomaly Six aggregates that data and sells it to the US government.
It sounds crazy, but it's happening. What's more, it appears it's totally legal.
https://www.androidauthority.com/government-tracking-apps-1145989/
https://www.wsj.com/articles/u-s-government-contractor-embedded-software-in-apps-to-track-phones-11596808801
#usa #government #tracking #software #apps #smartphones #data #surveillance #why #thinkabout
Forwarded from BlackBox (Security) Archiv
True privacy and security depend on free software
For all of the assurances you might receive from proprietary software companies that they respect your right to privacy, it is impossible to guarantee that your online communications are actually private without free software. Among technical users, it's common knowledge that privacy is dependent on strong encryption. However, the complex connection between software freedom, encryption, and privacy can be a little difficult to explain in the course of our individual activism, and is due for a more in-depth explanation.
Encryption is about keeping secrets secret, whether that means messages between you and a loved one, sensitive documents, or an entire hard drive. It also isn't only for those with something to hide: making strong encryption part of standard practice increases the safety of all those who really do need it by making it a normal thing to do. When your personal information is at stake, it's all the more important that encryption technology be based on free software. Even the most "benign" proprietary programs have a long history of mistreating their users, and a single "snitch" or backdoor in a proprietary encryption program in some cases could cost lives. At the FSF, we advocate for software freedom in any and all situations -- and in some cases, your safety may depend upon it.
https://www.fsf.org/bulletin/2020/spring/privacy-encryption
#privacy #encryption #backdoor #activism #software #freedom #thinkabout
Forwarded from BlackBox (Security) Archiv
The Vintage Software Collection
The Vintage Software collection gathers various efforts by groups to classify, preserve, and provide historical software. These older programs, many of them running on defunct and rare hardware, are provided for purposes of study, education, and historical reference.
https://archive.org/details/vintagesoftware
#archive #vintage #software
Forwarded from BlackBox (Security) Archiv
Most proprietary toasters are malware
Help me understand this (really).
Why should software be expected to have source code available? Don't get me wrong - I love SQLite and OpenSSL, but it has nothing to do with having access to the source code.
My toaster did not come with specs and design documents so I can change it. Neither did my power drill or car.
The music I listen to doesn't have synthesizer settings available and raw source before mixing. Movies I watch don't come with scripts, budgets, contacts, location licenses, etc.
What is it specifically about software that makes people think the source must be available? Where does this expectation come from?
https://news.ycombinator.com/item?id=26030126
#opensource #software #why
Bad software sent postal workers to jail, because no one wanted to admit it could be wrong
Data from the Horizon system was used to prove they stole money - but they didn't
For the past 20 years UK Post Office employees have been dealing with a piece of software called Horizon, which had a fatal flaw: bugs that made it look like employees stole tens of thousands of British pounds.
This led to some local postmasters being convicted of crimes, even being sent to prison, because the Post Office doggedly insisted the software could be trusted.
After fighting for decades, 39 people are finally having their convictions overturned, after what is reportedly the largest miscarriage of justice that the UK has ever seen.
https://www.theverge.com/2021/4/23/22399721/uk-post-office-software-bug-criminal-convictions-overturned
#UK #PostOffice #worker #bad #software #miscarriage #justice
Forwarded from BlackBox (Security) Archiv
Jamulus - Play music online. With friends. For free.
What is Jamulus?
Jamulus is software for playing music, rehearsing, or just jamming with anyone online with low latency. You can use your Windows, macOS or Linux machine to connect to Jamulus servers worldwide. Jamulus is free and you can just use your normal broadband connection. Simply connect to a public server or host your own private one. Jamulus has been in development since 2006 and is designed for high quality, low-latency sound, making it easy to play together remotely and in time.
https://jamulus.io/
https://github.com/jamulussoftware/jamulus
For detailed information about how Jamulus hacks the space-time continuum to produce a near-perfect 5th dimension of collaborative sound, see this paper by Volker Fischer (PDF).
#jamulus #software #music #online #jamming #opensource
@nogoolag @blackbox_archiv
Jamulus is free and open source software that lets musicians perform music, rehearse or jam together, in real time over the Internet.
Reproducible Builds, the first ten years | Chaos Computer Club Berlin - ccc.de
In this talk Holger Levsen will give an overview of reproducible builds, the past, the present and the future. How it started with a small BoF at DebConf13 (and before), how it grew from being a Debian effort to something many projects work on together, until in 2021 it was mentioned in an executive order of the president of the United States. And of course the talk will not end there but rather outline where we are today and where we still need to be going, until we'll all be running 100% reproducible software, verified by many.
https://reproducible-builds.org/docs/definition
#Software #ReproducibleBuilds #dev #Debian