NoGoolag
17-Year-Old Weakness in Firefox Let HTML File Steal Other Files From Device

Except for phishing and scams, downloading an HTML attachment and opening it locally in your browser was never considered a severe threat until a security researcher today demonstrated a technique that could allow attackers to steal files stored on a victim's computer.

Barak Tawily, an application security researcher, shared his findings with The Hacker News, wherein he successfully developed a new proof-of-concept attack against the latest version of Firefox by leveraging a 17-year-old known issue in the browser.

📺 https://thehackernews.com/2019/07/firefox-same-origin-policy-hacking.html

#Weakness #Firefox #Mozilla #SOP #HTML #poc #video
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
Further study proves lie of “anonymous” data

Anonymous data is often not really anonymous at all: in many data records, individuals can be uniquely identified even without a name. A new study illustrates the amazing precision with which this can be done. Many companies and databases undermine the basic data protection regulation.

Not everything labeled anonymous is actually anonymous. This is made clear by a study in the scientific journal “Nature”. The researchers can identify 99.98 percent of Americans in each data set, with only 15 characteristics such as age, place of residence or nationality.

The scientists’ example: a cheap health insurance company sells customer data, but only “anonymously” and only from a fraction of the database. The study makes it clear: this is not true anonymity, the data is not secure. People are simply too unique to hide in databases. Removing names only makes records pseudonymous, not anonymous. With an online tool, anyone can trace the de-anonymization themselves.

The authors write that “even highly fragmented anonymized data records do not meet the modern anonymization standards of the Basic Data Protection Ordinance”. Their results question “the technical and legal adequacy” of simply deleting directly identifying data types and not worrying about identifiability using other data types.

Data is never completely anonymous

“The study once again shows very beautifully what we have known for a long time,” says data protection researcher Wolfie Christl to netzpolitik.org. “As long as data records relating to individuals are being processed, no form of anonymization can prevent individuals from being reidentified with complete certainty.

👉🏼 Read the full (translated) story without ads n shit:
https://rwtxt.lelux.fi/blackbox/further-study-proves-lie-of-anonymous-data

#study #data #anonymous #poc
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
Privacy Analysis of Tiktok’s App and Website (#PoC)

I did a detailed privacy check of the Tiktok app and website. Tiktok commits multiple breaches of law, trust, transparency and data protection.

Here are all technical and legal details. You can read a less technical article about it at the Süddeutsche Zeitung (German).

This is my setup: I used #mitmproxy to route all #app #traffic for #analysis. See in this #video how device information, usage time and watched videos are sent to #Appsflyer and #Facebook.

Hard to believe that this is covered by “legitimate interest” and transparency: Entered search terms are sent to Facebook...

👉🏼 Read more:
https://rufposten.de/blog/2019/12/05/privacy-analysis-of-tiktoks-app-and-website/

#TikTok #PoC
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
Browser activating the front-facing camera: Big Brother or just a bug?

This post is about a disturbing (in terms of privacy) situation that we have recently encountered.

Here’s what happened: we were approached by one of our readers, who claimed that when he was reading our website (which, ironically, has the BanCam anti-facial recognition campaign banner on a main page), the front-facing camera was activated.

📺 https://youtu.be/JVrfUhc6l0M

👉🏽 Read more:
https://medium.com/@mva.name/browser-activating-the-front-facing-camera-big-brother-or-just-a-bug-e7a2ff9d6856


#Google #camera #popup #DeleteGoogle #PoC #video
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
Xiaomi phone logging browser use

A researcher shows how his Xiaomi phone is tracking his web use, including a visit to PornHub.

https://invidio.us/watch?v=62kxZunBQyI

#PoC #Xiaomi #logging #browser
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
Xiaomi Devices Found Tracking And Recording Browsing Data Of Millions

The tracking extends to browser's Incognito mode as well !!

Xiaomi has been tracking and recording an insane amount of private data, from users’ phone habits to queries in Xiaomi’s default browsers.

According to a cybersecurity researcher, Cirlig, Xiaomi records all the search queries and items viewed on its default browser (Mi Browser Pro) as well as on the Mint browser. The tracking extends to Incognito mode as well.

The researcher was able to confirm the same pattern on other Xiaomi phones, including Mi 10, Redmi K20, and Mi MIX 3.

Xiaomi, in response, confirmed that it collects browsing data. However, the company says the data sent is anonymized, and users have consented to the data tracking. Meanwhile, it denied claims of information being monitored in Incognito mode.

The researcher, however, was able to prove that Xiaomi is recording Incognito mode data as well. In a video, he showcases how the information of him visiting a porn website in incognito mode is being sent to the servers.

👉🏼 Read more:
https://fossbytes.com/xiaomi-devices-found-tracking-and-recording-browsing-data-of-millions/

#PoC #Xiaomi #spy #logging #browser #why #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
Call Me Maybe: Eavesdropping Encrypted LTE Calls With ReVoLTE (PoC)

Voice over LTE (VoLTE) is a packet-based telephony service seamlessly integrated into the Long Term Evolution (LTE) standard. By now all major telecommunication operators use VoLTE. To secure the phone calls, VoLTE encrypts the voice data between the phone and the network with a stream cipher. The stream cipher shall generate a unique keystream for each call to prevent the problem of keystream reuse.

👀 👉🏼 https://revolte-attack.net/

#hack #LTE #VoLTE #poc #video
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag
Kindle Collects a Surprisingly Large Amount of Data

Turns out, Kindle Collects a Ton of Data

The Kindle sends device information, usage metadata, and details about every interaction with the device (or app) while it's being used. All of this is linked directly to the reader account.

Opening the app, reading a book, flipping through a few pages, then closing the book sends over 100 requests to Amazon servers.

👀 👉🏼 https://nullsweep.com/kindle-collects-a-surprisingly-large-amount-of-data/

#kindle #surveillance #data #collection #amazon #DeleteAmazon #thinkabout #poc
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag
F5 Big-IP RCE writeup + full exploit

When TEAMARES began research into the vulnerability identified in the F5 TMUI RCE vulnerability advisory released last month, we initially started by reading the advisory and mitigation steps, which contained minimal details but included key pieces of information needed to kick off our research. The advisory states that the vulnerability impacts a variety of capabilities when exploited, including the ability to execute arbitrary Java code, which stood out to us.

👀 👉🏼 https://www.criticalstart.com/f5-big-ip-remote-code-execution-exploit/

👀 👉🏼 https://github.com/Critical-Start/Team-Ares/tree/master/CVE-2020-5902

#f5 #ip #remote #code #execution #exploit #teamares #poc #writeup
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag
You are not anonymous on Tor - Last February, my Tor onion service came under a huge Tor-based distributed denial-of-service (DDoS) attack

I spent days analyzing the attack, developing mitigation options, and defending my server. (The Tor service that I run for the Internet Archive was down for a few hours, but I managed to keep it up and running through most of the attack.)

While trying to find creative ways to keep the service up, I consulted a group of friends who are very active in the network incident response field. Some of these are the people who warn the world about new network attacks. Others are very experienced at tracking down denial-of-service attacks and their associated command-and-control (C&C) servers. I asked them if they could help me find the source of the attack. "Sure," they replied. They just needed my IP address.

I read off the address: "152 dot" and they repeated back "152 dot". "19 dot" "19 dot" and then they told me the rest of the network address. (I was stunned.) Tor is supposed to be anonymous. You're not supposed to know the IP address of a hidden service. But they knew. They had been watching the Tor-based DDoS. They had a list of the hidden service addresses that were being targeted by the attack. They just didn't know that this specific address was mine.

As it turns out, this is an open secret among the internet service community: You are not anonymous on Tor !!

💡 Threat Modeling

There are plenty of documents that cover how Tor triple-encrypts packets, selects a route using a guard, relay, and exit, and randomizes paths to mix up the network traffic. However, few documents cover the threat model. Who can see your traffic?

👀 👉🏼 https://www.hackerfactor.com/blog/index.php?/archives/896-Tor-0day-Finding-IP-Addresses.html

#tor #onion #service #zeroday #DDoS #attacks #anonymous #poc #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag
Exploitation of LAN vulnerability found in Firefox for Android (PoC)

I tested this PoC exploit on 3 devices on same wifi, it worked pretty well.

I was able to open custom URL on every smartphone using vulnerable Firefox (68.11.0 and below)

👀 👉🏼 https://twitter.com/LukasStefanko/status/1307013106615418883

👀 👉🏼 Firefox for Android LAN-Based Intent Triggering:
https://gitlab.com/gitlab-com/gl-security/security-operations/gl-redteam/red-team-tech-notes/-/tree/master/firefox-android-2020

#android #security #exploit #firefox #LAN #vulnerability #poc
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag
Allow arbitrary URLs, expect arbitrary code execution

We found and reported 1-click code execution vulnerabilities in popular software including Telegram, Nextcloud, VLC, Libre-/OpenOffice, Bitcoin/Dogecoin Wallets, Wireshark and Mumble

Desktop applications which pass user supplied URLs to be opened by the operating system are frequently vulnerable to code execution with user interaction

Code execution can be achieved either when a URL pointing to a malicious executable (.desktop, .jar, .exe, …) hosted on an internet accessible file share (nfs, webdav, smb, …) is opened, or an additional vulnerability in the opened application’s URI handler is exploited

Vulnerabilities following this pattern have already been found in other software, with more expected to be revealed going forward

https://positive.security/blog/url-open-rce

#vulnerabilities #url #arbitrary #code #execution #poc #video
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag
Facebook Email to profile vulnerability

A video shared with researchers and Motherboard shows a tool linking email addresses to Facebook accounts

A tool lets a user see which email address is linked to a Facebook account even if the Facebook user didn't publicly advertise their address, according to a video sent to various researchers and Motherboard.

The news presents another significant privacy issue for Facebook, which is continuing to face a series of data leaks around phone numbers and other data.

https://twitter.com/UnderTheBreach/status/1384552368512159744

https://www.vice.com/en/article/bvz8pz/tool-finds-facebook-email-addresses

#tool #facebook #DeleteFacebook #poc #email #accounts #video
📡 @nogoolag 📡 @blackbox_archiv