Happy 22nd Birthday DShield.org!, (Fri, Nov 25th)

Traditionally, I consider the Thanksgiving weekend of 2000 the “Birthday” of DShield. I coded the first version of DShield over that weekend and made it public soon after. My records aren’t that great, but here is an early screenshot of DShield.org courtesy of archive.org. There are a couple earlier once, but they are a bit too embarassing to post here :). What is now the Internet Storm Center was known as incidents.org back then.

Source: Happy 22nd Birthday DShield.org!, (Fri, Nov 25th)


Computer Repair Technicians Are Stealing Your Data

Laptop technicians routinely violate the privacy of the people whose computers they repair: Researchers at University of Guelph in Ontario, Canada, recovered logs from laptops after receiving overnight repairs from 12 commercial shops. The logs showed that technicians from six of the locations had accessed personal data and that two of those shops also copied data onto a personal device. Devices belonging to females were more likely to be snooped on, and that snooping tended to seek more sensitive data, including both sexually revealing and non-sexual pictures, documents, and financial information. […] In three cases, Windows Quick Access or Recently Accessed Files had been deleted in what the researchers suspect was an attempt by the snooping technician to cover their tracks. As noted earlier, two of the visits resulted in the logs the researchers relied on being unrecoverable. In one, the researcher explained they had installed antivirus software and performed a disk cleanup to “remove multiple viruses on the device.” The researchers received no explanation in the other case. […] The laptops were freshly imaged Windows 10 laptops. All were free of malware and other defects and in perfect working condition with one exception: the audio driver was disabled. The researchers chose that glitch because it required only a simple and inexpensive repair, was easy to create, and didn’t require access to users’ personal files. Half of the laptops were configured to appear as if they belonged to a male and the other half to a female. All of the laptops were set up with email and gaming accounts and populated with browser history across several weeks. The researchers added documents, both sexually revealing and non-sexual pictures, and a cryptocurrency wallet with credentials. A few notes. One: this is a very small study—only twelve laptop repairs. Two, some of the results were inconclusive, which indicated—but did not prove—log tampering by the technicians. Three, this study was done in Canada. There would probably be more snooping by American repair technicians. The moral isn’t a good one: if you bring your laptop in to be repaired, you should expect the technician to snoop through your hard drive, taking what they want. Research paper.

Source: Computer Repair Technicians Are Stealing Your Data


Who tracked internet users in 2021–2022

Every time you go online, someone is watching over you. The services you use, the websites you visit, the apps on your phone, smart TVs, gaming consoles, and any networked devices collect data on you with the help of trackers installed on web pages or in software.

Source: Who tracked internet users in 2021–2022


Will Twitter Infrastructure Go Down?

Chris Titus takes a look at what Twitter might look like on the inside.


Ads and Tracking is Getting Worse on iPhones

Apple may be protecting you from adverts/tracking but not from themselves.


SIM Swap Attack – Are They Hacking Your Phone?

This is still possible even for the average Joe that has little to no threat model.


Do This Now! Yubikey + Google U2F Setup – EASY!

Chris demonstrates just how easy this really is. Everyone should be doing this. Always make sure that you have your backup codes.


Fodcha DDoS botnet reaches 1Tbps in power, injects ransoms in packets

A new version of the Fodcha DDoS botnet has emerged, featuring ransom demands embedded in packets and new features to evade detection of its infrastructure. […]

Source: Fodcha DDoS botnet reaches 1Tbps in power, injects ransoms in packets


IMEI

Can I port my number or is my phone compatible? This breaks it down.


Hacking Google

Interesting set of vids. APT.