134 matches found
Russia to Fine Search Engines for Linking to Banned VPN services
In its years-long efforts to censor the Internet by blocking access to a large number of websites in the country, Russia has now approved a new bill introducing fines for search engines that provide links to banned sites, VPN services, and anonymization tools. VPNs, or Virtual Private Networks, a...
Browser Side-Channel Flaw De-Anonymizes Facebook Data
A side-channel vulnerability in Google Chrome and Mozilla Firefox allows drive-by de-anonymization of Facebook users. An exploit would allow an attacker to pick up the profile picture, username and the “likes” of unsuspecting visitors who find themselves landing on a malicious website – with no...
Tor: De-anonymization by visiting specially crafted bookmark.
There is a way to import logs in 'about:memory' from local disk, however, tested on windows you can pass a network url that may point to attack controlled server which logs IP's. This connection is done by windows presumably and so doesn't hide real IP of Tor user. 1. Have victim drag and drop an...
Dangerous liaisons
It seems just about everyone has written about the dangers of online dating, from psychology magazines to crime chronicles. But there is one less obvious threat not related to hooking up with strangers – and that is the mobile apps used to facilitate the process. We're talking here about...
Database Anonymization Arbitrary Code Execution Vulnerability in Multiple Odoo Products
Odoo formerly OpenERP and others are products of the Belgian company Odoo, an Enterprise Resource Planning ERP and Customer Relationship Management CRM system; Odoo Community Edition is its Community Edition; Odoo Enterprise Edition is its Enterprise Edition.Database Database Anonymization module...
CVE-2017-10803
In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, insecure handling of anonymization data in the Database Anonymization module allows remote authenticated privileged users to execute arbitrary Python code, because unpickle is used...
CVE-2017-10803
In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, insecure handling of anonymization data in the Database Anonymization module allows remote authenticated privileged users to execute arbitrary Python code, because unpickle is used...
CVE-2017-10803
In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, insecure handling of anonymization data in the Database Anonymization module allows remote authenticated privileged users to execute arbitrary Python code, because unpickle is used...
Odoo CRM 10.0 - Code Execution
Vulnerability Summary The following advisory describe arbitrary Python code execution found in Odoo CRM version 10.0 Odoo is a suite of open source business apps that cover all your company needs: CRM, eCommerce, accounting, inventory, point of sale, project management, etc. Odoo’s unique value...
Data Anonymization: Motivation and Mechanics
Data is one of the most valuable assets a company has in its possession. And while it may not be listed as a line item on the balance sheet, when a company’s data is breached it can have a very negative impact on the bottom line—in a company’s stock price, reputation and brand. One approach to...
Деанонимизация пользователей Darknet(TOR, i2p(d), etc) & SOX &VPN аудиозакладками
Вообщем то ссылка на 33с3 уже была запощена в основном топике, но я хотел бы акцентировать общее внимание на презентацию Talking Behind Your Back On the Privacy & Security of the Ultrasound Tracking Ecosystem от Vasilios Mavroudis и Federico Maggi. Вкратце, суть такова: В 2012 году была основана...
Alpha Version of Sandboxed Tor Browser Released
A sandboxed version of the Tor Browser was released over the weekend, and while there are still some rough edges and bugs – potentially major, according to the developer– it could be the first step toward protecting Tor users from recent de-anonymization exploits. Yawning Angel, a longtime Tor...
Operations of a Brazilian Payment Card Fraud Group
Introduction Brazil has been designated a major hub for financially motivated eCrime threat activity. Brazilian threat actors are targeting domestic and foreign entities and individuals, with frequent targeting of U.S. assets. The country routinely places in "Top Five" lists of various global cyb...
[SECURITY] [DLA 650-1] mat security update
Package : mat Version : 0.3.2-1+deb7u1 Debian Bug : 826101 An implementation flaw was discovered in mat, the metadata anonymisation toolkit. The implementation of PDF support lacks support to anonymize the metadata in embedded images. As there is no easy fix for this flaw, it was decided that PDF...
Selfrando Technique Mitigates Attacks Unmasking Tor Users
The FBI’s apparent capability to unmask users of the Tor Network has caused hand-wringing among those concerned with privacy and civil liberties, many of whom are busy trying to win legal battles to get law enforcement to confess as to how they’re doing it. A team of academics and researchers,...
Adversary Resistant Computing Platform: SubgraphOS
Subgraph OS is an adversary resistant computing platform. The main purpose of Subgraph OS is to empower people to communicate, share, and collaborate without fear of surveillance and interference. What this means in practical terms is that users of Subgraph OS can safely perform their day-to-day...
OnionCat - An Anonymous VPN-Adapter (P2P layer 3 VPN based on Tor or I2P)
OnionCat is a VPN-adapter which allows to connect two or more computers or networks through VPN-tunnels. It is designed to use the anonymization networks Tor or I2P as its transport, hence, it provides location-based anonymity while still creating tunnel end points with private unique IP addresse...
Tor-Based Dark Web Email Service Targeted by Government Spies
The administrator of the popular Darknet email service, SIGAINT, is warning its users that the email service has become a target of a suspected law enforcement agency who tried to compromise it. About a week ago, SIGAINT has been targeted by an attacker who tried to hack the service by using near...
Yik Yak Patches Privacy Flaw in iOS App
Yik Yak, an application that allows users to share purportedly anonymous status updates with others near them, has fixed a critical vulnerability in its iOS app that could have de-anonymized users and let attackers take total control of someone’s account. Yik Yak’s security team was apparently...
Researchers Demonstrate Zero-Day Vulnerabilities in Tails Operating System
The critical zero-day security flaws, discovered in the privacy and security dedicated Linux-based Tails operating system by the researcher at Exodus Intelligence that could help attackers or law enforcements to de-anonymize anyone’s identity, actually lie in the I2P software that’s bundled with...