Kulturstaat.md (50)

!NO
!noid

Major ISP Accused of Mass Malware Attack on Customers
https://hatenablog-parts.com/embed?url=https://hackread.com/isp-mass-malware-attack-on-customers/</a>" frameborder="0">https://hackread.com/isp-mass-malware-attack-on-customers/

A major South Korean ISP is accused of installing malware on over 600,000 customers’ PCs to curb torrent traffic, raising concerns about user privacy and ethical business practices.

Family Location Tracker App Life360 Breach: 443,000 Users’ Data Leaked
https://hatenablog-parts.com/embed?url=https://hackread.com/family-location-tracker-app-life360-breach-data-leak/</a>" frameborder="0">https://hackread.com/family-location-tracker-app-life360-breach-data-leak/

>>3
Leaked Life360 Data

According to the analysis of the leaked database by the Hackread.com Research Team, it can be confirmed that the number of users impacted by the breach is 443,223. The personal details leaked include the following information:

よめない🥺

Port Shadow Attack Allows VPN Traffic Interception, Redirection
https://hatenablog-parts.com/embed?url=https://www.securityweek.com/port-shadow-attack-allows-vpn-traffic-interception-redirection/</a>" frameborder="0">https://www.securityweek.com/port-shadow-attack-allows-vpn-traffic-interception-redirection/

The Port Shadow attack enables threat actors to target others who are using the same VPN server. Specifically, VPN servers have a shared resource called a port, with each connection being assigned to a port.

According to the researchers, an attacker can “shadow their own information on a victim’s port as a shared resource”.

“By carefully crafting packets from within the attacker’s own connection to the VPN server and from a remote Internet location controlled by the attacker, it is possible to carry out attacks on other VPN users who are using the same VPN server in a manner that is very similar to the attacks that could be carried out on shared WiFi,” they explained.

The researchers demonstrated how an attacker can leverage Port Shadow to act as an in-path router between the targeted user and the VPN server, enabling them to intercept and redirect encrypted traffic, deanonymize a VPN peer, and conduct port scans.

>>6
In the case of end users, connecting to a private VPN server is the best way to protect themselves against such attacks. ShadowSocks and Tor are not impacted.

AT&T Confirms Data Breach Affecting Nearly All Wireless Customers
https://hatenablog-parts.com/embed?url=https://thehackernews.com/2024/07/at-confirms-data-breach-affecting.html</a>" frameborder="0">https://thehackernews.com/2024/07/at-confirms-data-breach-affecting.html

"Threat actors unlawfully accessed an AT&T workspace on a third-party cloud platform and, between April 14 and April 25, 2024, exfiltrated files containing AT&T records of customer call and text interactions that occurred between approximately May 1 and October 31, 2022, as well as on January 2, 2023," it said.

Disney’s Internal Slack Breached? NullBulge Leaks 1.1 TiB of Data
https://hatenablog-parts.com/embed?url=https://hackread.com/disneys-internal-slack-breached-nullbulge-leak-data/</a>" frameborder="0">https://hackread.com/disneys-internal-slack-breached-nullbulge-leak-data/

A self-proclaimed hacktivist group named NullBulge, aiming to “protect artists’ rights and ensure fair compensation for their work,” claims to have breached Disney and leaked 1.1 TiB (1.2 TB) of the company’s internal Slack infrastructure. These claims were posted on the notorious cybercrime and hacker platform Breach Forums on July 12, 2024.

🤔

サイバー攻撃を受けるとお金がかかる
～インシデント損害額調査レポートから考えるサイバー攻撃の被害額～
調査研究部会インシデント被害調査ワーキンググループ
https://hatenablog-parts.com/embed?url=https://www.jnsa.org/result/incidentdamage/202407.html</a>" frameborder="0">https://www.jnsa.org/result/incidentdamage/202407.html

>>10
セキュリティ投資と被害額がトレードオフになる日がくるとは思えないんだけど🤔

Apple Removes VPN Apps from Russian App Store as Censorship Tightens

https://hatenablog-parts.com/embed?url=https://hackread.com/apple-removes-vpn-apps-russian-app-store-censorship/</a>" frameborder="0">https://hackread.com/apple-removes-vpn-apps-russian-app-store-censorship/

>>12
“違法”VPNへのアクセス制限を強化するロシア当局
https://hatenablog-parts.com/embed?url=https://p2ptk.org/privacy/3661</a>" frameborder="0">https://p2ptk.org/privacy/3661

違法の基準がよくわからないけどどこかの法律改正の段階で新規VPNクライアントの配布を違法化してたよね、確か

インターネットからIXの切り離しの試験もしてるし巨大なイントラネットでも成立するもんだなあって

Researchers Track Identities and Locations of CSAM Users via Malware Logs
https://hatenablog-parts.com/embed?url=https://hackread.com/tracking-identities-locations-csam-users-malware-logs/</a>" frameborder="0">https://hackread.com/tracking-identities-locations-csam-users-malware-logs/

Infostealer steals sensitive data like login credentials, OS details, autofill data, screenshots, credit card numbers, cryptocurrency wallets, and browsing history through phishing, spam campaigns, fake update websites, SEO poisoning, and malvertising. It creates an infostealer log to store this data and transmits it back to the threat actor’s servers.

>>14
何年か前にどっかの警察が押収したフォーラム運営してたな...
FC2の連中は捕まえてもいいと思います

Singapore Banks to Phase Out OTPs for Online Logins Within 3 Months
https://hatenablog-parts.com/embed?url=https://thehackernews.com/2024/07/singapore-banks-to-phase-out-otps-for.html</a>" frameborder="0">https://thehackernews.com/2024/07/singapore-banks-to-phase-out-otps-for.html

Strategies for Tracking Individual IP Packets Towards DDoS
https://hatenablog-parts.com/embed?url=https://arxiv.org/abs/2407.10985</a>" frameborder="0">https://arxiv.org/abs/2407.10985

🚨#DDoS

🇯🇵#Japan - The politically motivated hacker collective NoName057(16) continues its DDoS campaign against Japanese infrastructure.

The hacktivist group claims today's attacks are in response to Japan's decision to allocate $3.3 billion to Ukraine, strengthen ties with https://hatenablog-parts.com/embed?url=https://www.sotwe.com/tweet/1813903646624567788</a>" frameborder="0">https://www.sotwe.com/tweet/1813903646624567788

https://i.imgur.com/EEbo9mn.jpeg" data-lightbox="image">https://i.imgur.com/EEbo9mn.jpeg" loading="lazy">
https://i.imgur.com/EEbo9mn.jpeg

🚨🚨🚨 #CyberAttack 🚨🚨🚨

🇯🇵 #Japan: Hoya Corporation - Hackers Demanded $10,000,000

Hoya Corporation, one of the largest global manufacturers of optical products, has been listed as a victim by the Hunters International ransomware group.

Allegedly, 2 TB (1,771,224 files) of
https://i.imgur.com/oZdlLWi.jpeg" data-lightbox="image">https://i.imgur.com/oZdlLWi.jpeg" loading="lazy">
https://i.imgur.com/oZdlLWi.jpeg
https://hatenablog-parts.com/embed?url=https://www.sotwe.com/tweet/1813216422446637114</a>" frameborder="0">https://www.sotwe.com/tweet/1813216422446637114

KADOKAWAの件で騒いでた人たちは何処に行ったんだろう🤔

Tracking Patterns in Toxicity and Antisocial Behavior Over User Lifetimes on Large Social Media Platforms
https://hatenablog-parts.com/embed?url=https://arxiv.org/abs/2407.09365</a>" frameborder="0">https://arxiv.org/abs/2407.09365

Reddit and Wikipedia users tended to become less toxic over their life cycles on the site in the early (pre-2013) history of the site, but more toxic over their life cycles in the later (post-2013) history of the site. We also find that toxicity on Reddit and Wikipedia differ in a key way, with the most toxic behavior on Reddit exhibited in aggregate by the most active users, and the most toxic behavior on Wikipedia exhibited in aggregate by the least active users.

The Role of Network and Identity in the Diffusion of Hashtags
https://hatenablog-parts.com/embed?url=https://arxiv.org/abs/2407.12771</a>" frameborder="0">https://arxiv.org/abs/2407.12771

>>22
アーキテクチャの生態系みたいな話ししてる

面白い

"Security Is Our Top Priority" is BS
https://hatenablog-parts.com/embed?url=https://blog.waleson.com/2024/07/security-is-our-top-priority-is-bs.html</a>" frameborder="0">https://blog.waleson.com/2024/07/security-is-our-top-priority-is-bs.html

1.Security is limitless. You can always spend more effort to make things more secure. The same goes for quality, safety, employee happiness, etc.

2.The needs of security are opposed to the needs of a convenient user experience. Improving one typically hurts the other.

It’s never been easier for the cops to break into your phone
https://hatenablog-parts.com/embed?url=https://www.theverge.com/24199357/fbi-trump-rally-shooter-phone-thomas-matthew-crooks-quantico-mdtf</a>" frameborder="0">https://www.theverge.com/24199357/fbi-trump-rally-shooter-phone-thomas-matthew-crooks-quantico-mdtf

Just two days after the attempted assassination at former President Donald Trump’s rally in Butler, Pennsylvania, the FBI announced it “gained access” to the shooter’s phone. The bureau has not disclosed how it broke into the phone — or what has been found on it — but the speed with which the agency did so is significant, and security experts say it points to the increased efficacy of phone hacking tools.

おー防弾ぶり？

ベンダーがバックドア提供してんじゃないの

国家公安委員会（警察庁） - 落札者等の公示
スマートフォン用データ抽出装置46式
https://hatenablog-parts.com/embed?url=https://www.jetro.go.jp/gov_procurement/national/articles/319942/2024070101000005.html</a>" frameborder="0">https://www.jetro.go.jp/gov_procurement/national/articles/319942/2024070101000005.html

>>29
落札者わかるから何使ってるかわかるねえ🫠

謎定期

>>28
Googleに潰されてオコなんだ🤣

Google: Stop Burning Counterterrorism Operations
https://hatenablog-parts.com/embed?url=https://poppopret.org/2024/06/24/google-stop-burning-counterterrorism-operations/</a>" frameborder="0">https://poppopret.org/2024/06/24/google-stop-burning-counterterrorism-operations/

Cloudflare reports almost 7% of internet traffic is malicious
https://hatenablog-parts.com/embed?url=https://www.zdnet.com/article/cloudflare-reports-almost-7-percent-of-internet-traffic-is-malicious/</a>" frameborder="0">https://www.zdnet.com/article/cloudflare-reports-almost-7-percent-of-internet-traffic-is-malicious/

What's driving this increase in threats? Cloudflare, the content delivery network and security services company, thinks the rise is due to wars and elections. For example, many attacks against Western-interest websites are coming from pro-Russian hacktivist groups such as REvil, KillNet, and Anonymous Sudan.

RockYou2024: 10 billion passwords leaked in the largest compilation of all time
https://hatenablog-parts.com/embed?url=https://cybernews.com/security/rockyou2024-largest-password-compilation-leak/</a>" frameborder="0">https://cybernews.com/security/rockyou2024-largest-password-compilation-leak/

The largest password compilation with nearly ten billion unique passwords was leaked on a popular hacking forum. The Cybernews research team believes the leak poses severe dangers to users prone to reusing passwords.

>>34
😔

https://hatenablog-parts.com/embed?url=https://github.com/exploit-development/RockYou2024</a>" frameborder="0">https://github.com/exploit-development/RockYou2024

Not really.
Only some 10% of the passwords are new. Most are old ones from the 2021 leak. That is why it did not make big news this time.
Not worth the 45GB downloa

China's FortiGate attacks more extensive than first thought
https://hatenablog-parts.com/embed?url=https://www.theregister.com/2024/06/12/chinas_targeting_of_fortigate_systems/</a>" frameborder="0">https://www.theregister.com/2024/06/12/chinas_targeting_of_fortigate_systems/

The NCSC first published details of a Chinese state-sponsored malware campaign in February, but has continued to investigate the case along with the Military Intelligence and Security Service (MIVD) and the General Intelligence and Security Service (AIVD). The attackers were using stealthy malware the NCSC calls Coathanger after targeting FortiGate boxes.

The IoT Breaches your Household Again
https://hatenablog-parts.com/embed?url=https://arxiv.org/abs/2407.12159</a>" frameborder="0">https://arxiv.org/abs/2407.12159

IoTというかSmartHomeみたいなのはマジでザルよね

A Simple Firmware Update Completely Hides a Device’s Bluetooth Fingerprint
https://hatenablog-parts.com/embed?url=https://today.ucsd.edu/story/a-simple-firmware-update-completely-hides-a-devices-bluetooth-fingerprint</a>" frameborder="0">https://today.ucsd.edu/story/a-simple-firmware-update-completely-hides-a-devices-bluetooth-fingerprint

The current approach taken by smartphone companies to make the devices hard to track by their Bluetooth signals is to randomly change the phone’s identity, its MAC address. However, that doesn’t address the physical-layer fingerprints inherent in each device’s transmissions due to unique hardware imperfections.

All wireless devices have small manufacturing imperfections in the hardware used to emit these beacons that are unique to each device. These fingerprints are an accidental byproduct of the manufacturing process. These imperfections in Bluetooth hardware result in unique distortions, which can be used as a fingerprint to track a specific device.

>>38
bCOVID-19の濃厚接触の判断をしてたように人の移動は簡単にトレースできるんだ、だからbluetoothは嫌い

青春

I Was a Teenage Webmaster
https://hatenablog-parts.com/embed?url=https://mikegrindle.com/posts/web-master</a>" frameborder="0">https://mikegrindle.com/posts/web-master

Apple will allow developers access to its NFC technology, avoiding an EU fine
https://hatenablog-parts.com/embed?url=https://www.engadget.com/apple-will-allow-developers-access-to-its-nfc-technology-avoiding-an-eu-fine-123026127.html</a>" frameborder="0">https://www.engadget.com/apple-will-allow-developers-access-to-its-nfc-technology-avoiding-an-eu-fine-123026127.html

Then, in early 2024, Apple finally offered to open up its NFC technology and report to an independent reviewer. The European Commission shared the terms publicly, encouraging Apple's rivals and other interested parties to give their opinion. The final agreement between the European Commission and Apple results from those consultations.

The tech giant could still be on the hook for tens of billions of dollars in a different case after the European Commission issued its preliminary view that Apple violated the Digital Markets Act (DMA).

>>41
DMAがあるEUだけ！

Grunge Rock and a Neighborhood Network in 90s China
https://hatenablog-parts.com/embed?url=https://peebs.org/2024/07/13/grunge-rock-and-a-neighborhood-network-in-china/</a>" frameborder="0">https://peebs.org/2024/07/13/grunge-rock-and-a-neighborhood-network-in-china/

We played a lot of computer games, because there wasn’t much else to do, and that was pretty OK because the late 90s was a magical time for computer games! Huge, rapid advances in computing power ushered in a golden age of gaming with titles like Quake, Starcraft, Half-life, and many others. With each new game, the graphics and technical achievements improved with what seemed like breathtaking speed. It wasn’t just graphics that were improving – games were increasingly incorporating online multiplayer modes so you could play against others online but this unfortunately required reliable, decent internet, something we certainly didn’t have.

But nerds find a way.

We started frequenting local Internet Cafes. Most Chinese at the time (average wage roughly $50-100 USD a month) couldn’t afford a computer so you’d have people working or browsing the web, but there were a lot of games being played too. The Chinese were overwhelmingly into the Real Time Strategy (top down view, controlling tanks and stuff) game Command & Conquer Red Alert. Us foreign kids preferred the sci-fi setting and gameplay of Starcraft, another RTS

アメリカ語むずかしいけど学びがある🥺

I don’t remember who had the idea originally, but eventually we wondered if we could build a neighbourhood computer network. How would it work? Most of my friends lived within one building, which made things easier, but Programmer Teacher Friend and, more importantly, my 2v2 Starcraft Teammate, lived in another building that was separated by a plaza that was probably 50 meters wide. To further complicate matters, they were at the far end of the building, which would easily add another 50 meters of length.

Could we build a Local Area Network (LAN) that big? At the time, the standard for normal ethernet networks was 10megabits per second over twisted pair CAT4 (I think? Maybe CAT3?) cable. The problem was the maximum length for ethernet cables of that standard was no more than 50 meters. Ethernet cable also, well, looked like ethernet cable, and we didn’t want our cables to attract attention from any maintenance personnel. Hubs at the time (you had to pay more for a switch) often supported coaxial cable running in a 10Base-2 configuration plus ethernet. Picture the cable that comes into your TV box: that’s coaxial cable. The good news was that 10Base-2 had a max distance of roughly 100 meters, and that was just the distance between hubs, so you could run longer if you had a hub acting like a repeater. The tradeoff was speed – 10Base-2 was limited to something like 2 megabits per second, but that was still super fast for games. The better news was that because coax cable looked just like TV cable, we could hide it next to other wiring where no maintenance person would mess with it.

青春すぎて泣きそうな文章ですね
おやすみなさい

なんだこのスレ…

Our country doesn't know the hard part of information technology.
Therefore, information is always leaked
Thank you for your advice🫲🥺🫱

>>43
(Young Nerds: what we today call a GPU, except it was 3D only, and well, I don’t care to explain more).
ここすき

久しぶりやん