Bitcoin Inventory Out-of-Memory Denial-of-Service Attack - Researcher kept a major Bitcoin bug secret for two years to prevent attacks

The INVDoS bug would have allowed attackers to crash Bitcoin nodes and other similar blockchains.

In 2018, a security researcher discovered a major vulnerability in Bitcoin Core, the software that powers the Bitcoin blockchain, but after reporting the issue and having it patched, the researcher opted to keep details private in order to avoid hackers exploiting the issue.

Technical details were published earlier this week after the same vulnerability was independently discovered in another cryptocurrency, based on an older version of the Bitcoin code that hadn't received the patch.

Called INVDoS, the vulnerability is a classic denial-of-service (DoS) attack. While in many cases, DoS attacks are harmless, they are not for internet-reachable systems, which need to have stable uptime in order to process transactions.

INVDoS was discovered in 2018 by Braydon Fuller, a Bitcoin protocol engineer. Fuller found that an attacker could create malformed Bitcoin transactions that, when processed by Bitcoin blockchain nodes, would lead to uncontrolled consumption of the server's memory resources, which would eventually crash impacted systems.

👀 👉🏼 CVE-2018-17145: Bitcoin Inventory Out-of-Memory Denial-of-Service Attack (pdf)
https://invdos.net/paper/CVE-2018-17145.pdf

👀 👉🏼 https://www.zdnet.com/article/researcher-kept-a-major-bitcoin-bug-secret-for-two-years-to-prevent-attacks

#researcher #bitcoin #bug #INVDoS #pdf
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Welcome to the quantum Internet, with privacy guaranteed by the laws of physics

Quantum computing is gradually moving from the realm of science – and even science fiction – to become a practical technology that is being used in real-life contexts.

Three years ago, Privacy News Online wrote about one aspect – the possibility that quantum computers will be able to unlock all of today’s encryption, including the strongest. But increasingly, a more positive vision of quantum computing is emerging. It is centered around the creation of what is being called the quantum Internet.

That’s just a shorthand way of saying a global network of quantum computers and other devices based on the physics of quantum mechanics, able to exchange information much as ordinary systems do across today’s non-quantum Internet. But the quantum version has one crucial property that makes it of great importance for privacy: it offers a fundamentally secure way of communication in which privacy is guaranteed by the laws of physics.

That’s because the quantum bits – qubits – that move across a quantum network link are subject to the observer effect: any attempt to monitor them as they traverse the network would modify them. As a result, it will be evident when things like encryption keys or data have been compromised en route. There is no way around this – it is an inherent property of quantum mechanical systems – which is why so many companies and governments are exploring how to create quantum networks and the quantum Internet.

👀 👉🏼 https://www.privateinternetaccess.com/blog/welcome-to-the-quantum-internet-with-privacy-guaranteed-by-the-laws-of-physics/

👀 👉🏼 (pdf)
https://www.energy.gov/sites/prod/files/2020/07/f76/QuantumWkshpRpt20FINAL_Nav_0.pdf

#quantum #internet #privacy #pdf
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

In China, smart locks are being used to track citizens and enforce lockdowns

Proprietary "smart" devices are an absolute nightmare. If users can't audit the code they don't know what they are doing and the device works for the tech company selling it rather than the user.

👀 👉🏼 See here: https://moniotrlab.ccis.neu.edu/wp-content/uploads/2019/09/ren-imc19.pdf

On a really basic level think about the information someone can infer just by looking at data from devices like this:

Your door is opened and locked at 7:30 am everyday and then reopened and unlocked at 6:30 pm but never during the hours in between? Chances are you ....

👀 👉🏼 https://www.reddit.com/r/privacytoolsIO/comments/its9h7

#smart #locks #thinkabout #pdf
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Brussels’ plan to rein in Big Tech takes shape

The Commission is drawing up a list of actions tech companies can and can’t do, especially for the most powerful.

The EU is preparing for its biggest-ever effort to regulate the tech industry — drawing up extensive rules to govern what tech companies can and cannot do.

Three European Commission internal documents, seen by POLITICO, indicate that Brussels is drawing up a wide range of legislative tools to prohibit what it sees as anti-competitive behavior and oblige companies to do more to protect their users against illegal content and activities.

"This crisis has shown the role and the systemic character of certain platforms that often behave as if they were too big to care about legitimate concerns about their roles: too big to care," Internal Market Commissioner Thierry Breton told the European Parliament this week, an apparent reference to "too big to fail," a criticism leveled at powerful banks after the 2008 financial crisis.

The Commission is expected to present its proposals, known collectively as the Digital Services Act (DSA), in December. The legislative package will include content moderation requirements applying to a wide range of online platforms, as well as so-called ex ante rules for the largest tech companies.

The plans come as Big Tech companies are under intense scrutiny on both sides of the Atlantic.

👀 👉🏼 https://www.politico.eu/article/digital-services-act-brussels-plan-to-rein-in-big-tech-takes-shape-thierry-breton-margrethe-vestager/

👀 👉🏼 (PDF)
https://www.politico.eu/wp-content/uploads/2020/09/SKM_C45820093011040.pdf

#eu #blacklist #bigtech #DSA #pdf
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Internet history can be used for “reidentification” finds study by Mozilla

A recent research paper has reaffirmed that our internet history can be reliably used to identify us. The research was conducted by Sarah Bird, Ilana Segall, and Martin Lopatka from Mozilla and is titled: Replication: Why We Still Can’t Browse in Peace: On the Uniqueness and Reidentifiability of Web Browsing Histories. The paper was released at the Symposium on Usable Privacy and Security and is a continuation of a 2012 paper that highlighted the same reidentifiability problem.

‼️ Just your internet history can be used to reidentify you on the internet ‼️

Using data from 52,000 consenting Firefox users, the researchers were able to identify 48,919 distinct browsing profiles which had 99% uniqueness.

This is especially concerning because internet history is routinely sold by your internet service provider (ISP) and mobile data provider to third party advertising and marketing firms which are demonstrably able to tie a list of sites back to an individual they already have a profile on – even if the ISP claims to be “anonymizing” the data being sold. This is a legally sanctioned activity ever since 2017 when Congress voted to get rid of broadband privacy and allow the monetization of this type of data collection.

This type of “history-based profiling” is undoubtedly being used to build ad profiles on internet users around the world. Previous studies have shown that an IP address usually stays static for about a month – which the researchers noted: “is more than enough time to build reidentifiable browsing profiles.”

👀 👉🏼 (PDF)
https://www.usenix.org/system/files/soups2020-bird.pdf

👀 👉🏼 https://www.cozyit.com/internet-history-can-be-used-for-reidentification-finds-study-by-mozilla/

#mozilla #study #research #internet #history #reidentification #thinkabout #pdf
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

FBI: Hackers stole source code from US government agencies and private companies

FBI blames intrusions on improperly configured SonarQube source code management tools.

The Federal Bureau of Investigation has sent out a security alert warning that threat actors are abusing misconfigured SonarQube applications to access and steal source code repositories from US government agencies and private businesses.

👀 👉🏼 Summary (PDF)
https://www.ic3.gov/Media/News/2020/201103-3.pdf

👀 👉🏼 https://www.zdnet.com/article/fbi-hackers-stole-source-code-from-us-government-agencies-and-private-companies

#hacker #usa #fbi #SonarQube #sourcecode #pdf
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

APT1- Exposing One of China’s Cyber Espionage Units

👀 👉🏼 (PDF)
https://www.fireeye.com/content/dam/fireeye-www/services/pdfs/mandiant-apt1-report.pdf

#apt1 #china #cyber #espionage #pdf
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoola

Crypto Wars: Green light for contested EU declaration on decryption

Diplomats have approved the EU Council resolution on encryption drafted by the German government. IT companies should help with decryption.

🇬🇧 EU: Council set to adopt declaration against encryption
https://www.statewatch.org/news/2020/november/eu-council-set-to-adopt-declaration-against-encryption/

👀 👉🏼 🇩🇪 https://data.consilium.europa.eu/doc/document/ST-13245-2020-INIT/de/pdf

#eu #encryption #declaration #cryptowars #netpolitics #thinkabout #pdf
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

The Age of Surveillance Capitalism - The Fight for a Human Future at the New Frontier of Power

The challenges to humanity posed by the digital future, the first detailed examination of the unprecedented form of power called "surveillance capitalism," and the quest by powerful corporations to predict and control our behavior.

In this masterwork of original thinking and research, Shoshana Zuboff provides startling insights into the phenomenon that she has named surveillance capitalism. The stakes could not be higher: a global architecture of behavior modification threatens human nature in the twenty-first century just as industrial capitalism disfigured the natural world in the twentieth.

👉🏼 PDF Reference Material:
https://t.me/BlackBox_Archiv/808

📻 The Age of #Surveillance #Capitalism #podcast

📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@FLOSSb0xIN

Apple is sharing ‘A Day in the Life of Your Data’

28 January is Privacy Day and Apple is marking this occasion by sharing a study called ‘A Day in the Life of Your Data’, which walks users through a scenario of a father and daughter’s day at the playground and how their data is tracked by various websites and apps throughout.

https://www.apple.com/privacy/docs/A_Day_in_the_Life_of_Your_Data.pdf

https://www.ithinkdiff.com/apple-privacy-day-in-the-life-of-your-data/

#apple #yourdata #DeleteApple #thinkabout #pdf
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Pentest-Report Mullvad VPN & Servers 11.-12.2020

“Mullvad VPN AB is owned by parent company Amagicom AB. The name Amagicom isderived from the Sumerian word ama-gi – the oldest word for “freedom“ or, literally,“back to mother” in the context of slavery – and the abbreviation for communication.Amagicom stands for “free communication”.”

This document is dedicated to a presentation of a security-centered project carried outby Cure53 for Mullvad. More specifically, the report describes the results of a thoroughand comprehensive penetration test and source code audit against the Mullvad VPNservers, infrastructure and related web applications and other exposed services. Theproject was completed in late 2020

https://cure53.de/pentest-report_mullvad_2021_v1.pdf

#pentest #mullvad #vpn #report #pdf
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Pretty Good Phone Privacy

To receive service in today’s cellular architecture, phones uniquely identify themselves to towers and thus to operators. This is now a cause of major privacy violations, as operators sell and leak identity and location data of hundreds of millionsof mobile users.

In this paper, we take an end-to-end perspective on thecellular architecture and find key points of decoupling that enable us to protect user identity and location privacy with no changes to physical infrastructure, no added latency, and no requirement of direct cooperation from existing operators.

https://raghavan.usc.edu/papers/pgpp-arxiv20.pdf

#phone #privacy #study #pdf
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag

Online platforms: Economic and societal effects

Online platforms such as #Google, #Amazon, and #Facebook play an increasingly central role in the economy and society. They operate as digital intermediaries across interconnected sectors and markets subject to network effects. These firms have grown to an unprecedented scale, propelled by data-driven business models. Online platforms have a massive impact on individual users and businesses, and are recasting the relationships between customers, advertisers, workers and employers.

https://www.europarl.europa.eu/RegData/etudes/STUD/2021/656336/EPRS_STU(2021)656336_EN.pdf

#online #platforms #study #pdf
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag

Mobile Handset Privacy: Measuring The Data iOS and Android Send to Apple And Google

We find that even when minimally configured and the handset is idle both iOS and Google Android share data with Apple/Google on average every 4.5 mins.

‼️ The phone IMEI, hardware serial number, SIM serial number and IMSI, handsetphone number etc are shared with Apple and Google. Both iOS and Google Android transmit telemetry, despite the user explicitly opting out of this.

💡 When a SIM is inserted both iOS and Google Android send details to Apple/Google. iOS sends the MAC addresses of nearby devices, e.g. other handsets and the home gateway, to Apple together with their GPS location. Currently there are few, if any, realistic options for preventing this data sharing.

https://www.scss.tcd.ie/doug.leith/apple_google.pdf

#apple #google #study #telemetry #data #mobilephones #pdf
📡 @nogoolag @blackbox_archiv

How workplace surveillance is entering our homes and driving through our streets

The home is not the only space where workplace surveillance outside the office or factory is becoming more common. For many, work means driving a vehicle, and so installing cameras that monitor behavior there is an obvious step. Once more, AI is being applied to take such surveillance to the next level. One of the biggest rollouts of this approach is by Amazon to its 75,000 delivery vehicles

https://www.privateinternetaccess.com/blog/how-workplace-surveillance-is-entering-our-homes-and-driving-through-our-streets/

💡 http://www.itechgps.com/sites/itechbus/uploads/documents/Netradyne_Presentation.pdf

#workplace #surveillance #ai #amazon #DeleteAmazon #DickPunchBezos #netradyne #pdf #thinkabout
📡 @nogoolag 📡 @blackbox_archiv

Apple Transparency Report: Government and Private Party Requests

Apple has released more iCloud content to authorities, end-to-end encryption is still missing.

User data was mainly sent to authorities in the U.S. and Brazil. In France, Sweden, Switzerland and the United Kingdom, Apple only transmitted iCloud data for one account request each, as the report lists. It remains unclear which of the partly sensitive data was transferred in detail and for what reason. In the new transparency report, Apple has confirmed for the first time that iCloud content may also be passed on in emergency requests from authorities - for example, to search for missing persons.

https://www.apple.com/legal/transparency/pdf/requests-2020-H1-en.pdf

#icloud #apple #requests #transparency #report #pdf
📡 @nogoolag 📡 @blackbox_archiv

All the Numbers are US: Large-scale Abuse of Contact Discovery in Mobile Messengers

Contact discovery allows users of mobile messengers to conveniently connect with people in their address book.
In this work, we demonstrate that severe privacy issues exist in currently deployed contact discovery methods.

Our study of three popular mobile messengers (WhatsApp, Signal, and Telegram) shows that, contrary to expectations, largescale crawling attacks are (still) possible. Using an accurate database of mobile phone number prefixes and very few resources, we have queried 10 % of US mobile phone numbers for WhatsApp and 100 % for Signal. For Telegram we find that its API exposes a wide range of sensitive information, even about numbers not registered with the service.

https://www.ndss-symposium.org/wp-content/uploads/ndss2021_1C-3_23159_paper.pdf

#contact #messenger #telegram #whatsapp #signal #crawling #attacks #study #pdf
📡 @nogoolag 📡 @blackbox_archiv

Security and Privacy Risks of Number Recycling at Mobile Carriers in the United States

35 million phone numbers are disconnected in the U.S. every year. Standard industry practice is to reassign those numbers to other subscribers. But this leads to many types of security and privacy risks, which our study analyzes rigorously.

https://recyclednumbers.cs.princeton.edu/assets/recycled-numbers-latest.pdf

https://recyclednumbers.cs.princeton.edu/

#security #privacy #phone #number #recycling #usa #mobile #carriers #pdf
📡 @nogoolag 📡 @blackbox_archiv

COMMON LAW HANDBOOK
FOR JUROR’S, SHERIFF’S,
BAILIFF’S, AND JUSTICE’S

#HiddenLaws #PDF

OSS Document Scanner

Open Source app to #scan all your #documents. You either scan using your camera or by importing an image. The app will automatically detect you document within the photo and will crop the image.

Once the document is created you can detect text within the document using #OCR.

You can also share your document as a #PDF. If you want you can synchronize the app data with a webdav server (like nextloud) to never loose anything!

https://github.com/Akylas/com.akylas.documentscanner

https://apt.izzysoft.de/fdroid/index/apk/com.akylas.documentscanner