Can you tell the two apart?
Having a test application that grants root access to a device is useful in the factory. But some manufacturers seem somewhat negligent. OnePlus, for instance, left a factory application on the user builds of its smartphones. And the Chinese manufacturer is not the only one concerned.
The CNIL announces that it has served formal notice on the WhatsApp application. The privacy protection commission is asking the application to comply with the law on the transfer of personal data to Facebook.
Software produced by public administrations must from now on be published as open source by default
At the end of November, the Secretary of State for Digital Affairs, Mounir Mahjoubi, directly asked Uber to publish more details on the number of French users affected by the attack that the ride-hailing application suffered in 2016. Uber eventually complied and on Friday published the details of this attack: in a blog post, the application states that approximately 1.4 million French users were affected by the attack. Uber nevertheless specifies that this figure is only an estimate, because the information collected by the application does not make it possible to know the user's place of residence with certainty.
Android Fastest Barcode & QR Code Reader is the best tool for scanning Barcode & QR code instantly within 2-5 Seconds. Below are some features of this app
A simple shared budget manager web application
https://ihatemoney.org
Win7, Win81 and Win10 virtual machines (These virtual machines expire after 90 days)
Infrared (IR) light is invisible to humans, but cameras are optically sensitive to this type of light.
In this paper, we show how attackers can use surveillance cameras and infrared light to establish bi-directional covert communication between the internal networks of organizations and remote attackers. We present two scenarios: exfiltration (leaking data out of the network) and infiltration (sending data into the network). Exfiltration. Surveillance and security cameras are equipped with IR LEDs, which are used for night vision. In the exfiltration scenario, malware within the organization accesses the surveillance cameras across the local network and controls the IR illumination. Sensitive data such as PIN codes, passwords, and encryption keys are then modulated, encoded, and transmitted over the IR signals. Infiltration. In an infiltration scenario, an attacker standing in a public area (e.g., in the street) uses IR LEDs to transmit hidden signals to the surveillance camera(s). Binary data such as command and control (C&C) and beacon messages are encoded on top of the IR signals. The exfiltration and infiltration can be combined to establish bidirectional, 'air-gap' communication between the compromised network and the attacker. We discuss related work and provide scientific background about this optical channel. We implement a malware prototype and present data modulation schemas and a basic transmission protocol. Our evaluation of the covert channel shows that data can be covertly exfiltrated from an organization at a rate of 20 bit/sec per surveillance camera to a distance of tens of meters away. Data can be covertly infiltrated into an organization at a rate of over 100 bit/sec per surveillance camera from a distance of hundreds of meters to kilometers away.
It seems like the Cyber Security Lab at Ben-Gurion University is the place where air gaps go to die. They’ve knocked off an impressive array of air gap bridging hacks, like modulating power supply fans and hard drive activity indicators. The current work centers on the IR LED arrays commonly seen encircling the lenses of security cameras for night vision illumination. When a networked camera is compromised with their “aIR-Jumper” malware package, data can be exfiltrated from an otherwise secure facility. Using the camera’s API, aIR-Jumper modulates the IR array for low bit-rate data transfer. The receiver can be as simple as a smartphone, which can see the IR light that remains invisible to the naked eye. A compromised camera can even be used to infiltrate data into an air-gapped network, using cameras to watch for modulated signals. They also demonstrated how arrays of cameras can be federated to provide higher data rates and multiple covert channels with ranges of up to several kilometers.
Sync your browsers with Nextcloud (WebExtension: Chrome/Firefox/Opera)
Browser extension for Nextcloud Bookmarks
Paris, 20 December 2017 - The day before yesterday, the CNIL announced that it had served formal notice on WhatsApp to correct its system for transferring personal data to Facebook. The company has one month to do so, or face a penalty (the maximum fine is 3 million euros). The CNIL considers this transfer unlawful because it relies on the forced consent of users, who can only object by giving up use of the service. La Quadrature du Net welcomes the CNIL's analysis, because it is exactly the one it has been defending for years. The consequences will be particularly significant.
Using only publicly available information, we have been able to decrypt the service provider ID numbers in the 10% sample of Medicare Benefits Schedule (MBS) published recently at the Federal Government’s data.gov.au website. We did not decrypt Patient ID numbers.
This research work is aimed at understanding mathematical facts about encryption and anonymization, in order to ensure that the security of government data is preserved in the face of the inevitable efforts of external parties who may be prepared to break the law and attempt to re-identify the data. There are numerous benefits to open government data, but it’s important to understand the mathematical techniques for protecting that data, so that the benefits can be derived with a clear understanding that individual privacy is not breached.
Update: someone pointed out that PayPal actually reveals the last four digits of the phone numbers, so this technique may work for large countries as well if the target has its phone linked to its PayPal account.
Last month, I discovered it is relatively simple to reveal private phone numbers on Facebook, uncovering some phone numbers of Belgian celebs and politicians. Even though this trick only seems to work in small countries such as Belgium (+/- 11.2 million people), a significant number of people is affected by this simple, yet effective privacy leak.