The FBI is remotely hacking hundreds of computers to protect them from Hafnium

The FBI is remotely hacking hundreds of computers to protect them from Hafnium

The hack, which affected tens of thousands of Microsoft Exchange Server customers around the world and triggered a “whole of government response” from the White House, reportedly left a number of backdoors that could let any number of hackers right into those systems again.

Signal finally updates public server code after months of silence

Signal finally updates public server code after months of silence

The project has released the source code for every component of Signal, including the back-end server and client applications, but the public code for the server software was left outdated for months until just today.

Releases · xwiki-labs/cryptpad

Releases · xwiki-labs/cryptpad

We identified and fixed a number of issues which caused shared folders that were protected with access lists to fail to load due to race conditions between loading the document and authenticating with the server as a user or member of a team.

Privacy Talks | Interview with Alex Kehaya from Orchid VPN

Privacy Talks | Interview with Alex Kehaya from Orchid VPN

[7:04] – One question that I have, is why wouldn’t an average user just set up their own VPN if trust is such an issue?[13:20] – You mentioned those curated lists, that also allows people to choose from servers that provide them certain functionality, like Netflix in the US for instance.

New Browser Attack Allows Tracking Users Online With JavaScript Disabled

New Browser Attack Allows Tracking Users Online With JavaScript Disabled

Although these methods exploit a covert timing channel in the CPU cache, the new attack devised by Ben-Gurion researchers targets a cache-based side-channel in modern web browsers.This string search is followed by a request for a CSS element that requires DNS resolution from the malicious server.

Research finds 14% of mobile apps leave user data in unsecured servers

Research finds 14% of mobile apps leave user data in unsecured servers

App developers rely on third-party servers to simplify data storage, but new research indicates that these servers are often left with little to no security over sensitive data.The issue lies in developers who do not secure their server, so any and all app categories are affected.

Signal Server is effectively closed source software right now

Signal Server is effectively closed source software right now

I have been somewhat of a “Signal apologist” thus far (I almost always defend them & I think a lot of criticism they get it very unfair) but yeah I’m over Signal now.

Help users in Iran reconnect to Signal

Help users in Iran reconnect to Signal

As an interim solution to help people in Iran get connected again, we’ve added support in Signal for a simple TLS proxy that is easy to set up, can be used to bypass the network block, and will securely route traffic to the Signal service.

Brave browser takes step towards enabling a decentralized web

Brave browser takes step towards enabling a decentralized web

Brave has just taken a step towards supporting a decentralized web, by becoming the first browser to offer native integration with a peer-to-peer networking protocol that aims to fundamentally change how the internet works.

Eoin's Articles

Eoin's Articles

Now not only will it be impossible for users to log into your server (youself included) unless they know your SSH private key but anyone who does try will be banned for a day.

Millions of Social Profiles Leaked by Chinese Data-Scrapers

Millions of Social Profiles Leaked by Chinese Data-Scrapers

The leak stems from a misconfigured ElasticSearch database owned by Chinese social-media management company SocialArks, which contained personally identifiable information (PII) from users of Facebook, Instagram, LinkedIn and other platforms, according to researchers at Safety Detectives.

Scammers Expose Facebook Data Haul of 13 Million Records

Scammers Expose Facebook Data Haul of 13 Million Records

Among the 5.5GB haul discovered by vpnMentor on September 21, was 150,000-200,000 Facebook usernames and passwords, and personal info including emails, names and phone numbers for hundreds of thousands who had fallen victim to a Bitcoin scam.

Apple Responds to macOS Privacy Concerns, Explains Why Apps Were Slow to Launch

Apple Responds to macOS Privacy Concerns, Explains Why Apps Were Slow to Launch

On top of this, Apple says “over the next year we will introduce several changes to our security checks,” specifically: a new encrypted protocol for Developer ID certificate revocation checks strong protections against server failure a new preference for users to opt out of these security protections Apple also gave some further technical information on the situation to iPhone in Canada.

Your Smart TV is probably ignoring your PiHole

Your Smart TV is probably ignoring your PiHole

We’re going to create two Port Forward NAT rules - one to redirect any DNS queries originating from devices on the LAN to PiHole, and another to allow PiHole to commmunicate with external DNS servers.

Solid, the privacy project created by web inventor, takes 1st step

Solid, the privacy project created by web inventor, takes 1st step

Solid was first announced back in 2018 as a way of giving control of user data to individuals, rather than to online services .

How To: Privacy-centric DNS

How To: Privacy-centric DNS

After that is out of the way (please don’t reboot now because you won’t have the necessary other bits configured, please be patient), edit your local /etc/dnscrypt-proxy/ configuration file to set up the upstream server you want to use.

Privacy News Online | Weekly Review: November 6, 2020

Privacy News Online | Weekly Review: November 6, 2020

The social networking app left a server exposed on the internet that exposed private user data for the entire world to see.Privacy News Online is brought to you by Private Internet Access, the world’s most trusted VPN service.

Experts Warn of Privacy Risks Caused by Link Previews in Messaging Apps

Experts Warn of Privacy Risks Caused by Link Previews in Messaging Apps

Cybersecurity researchers over the weekend disclosed new security risks associated with link previews in popular messaging apps that cause the services to leak IP addresses, expose links sent via end-to-end encrypted chats, and even unnecessarily download gigabytes of data stealthily in the background.

Bing mobile app database left open to hackers, millions of user data sets compromised

Bing mobile app database left open to hackers, millions of user data sets compromised

Bing is the search engine owned by Microsoft and data related to the mobile app for iOS and Android has been found in an open server.Nearly 100 million records had been collected by bad-actors by the time a second Meow attack hit the server on September 14.

Server Leak exposes users of dating site network

Server Leak exposes users of dating site network

vpnMentor researchers said the database stored copies of push notifications that various online sites were sending to their users via Mailfire's push notification service.

QakBot Banking Trojan Returned With New Sneaky Tricks to Steal Your Money

QakBot Banking Trojan Returned With New Sneaky Tricks to Steal Your Money

In an analysis released by Check Point Research today, the latest wave of Qbot activity appears to have dovetailed with the return of Emotet — another email-based malware behind several botnet-driven spam campaigns and ransomware attacks — last month, with the new sample capable of covertly gathering all email threads from a victim's Outlook client and using them for later malspam campaigns.

How to completely self host Standard Notes - Part 1

How to completely self host Standard Notes - Part 1

This part will cover setting up your own self-hosted Standard Notes instance and routing your instance through nginx to allow for public exposure.Nginx is a reverse proxy that allows you to point incoming web traffic to your new Standard Notes syncing server.

GitHub - Chatcola-com/chatcola: chatcola.com messaging server - self-host your messages without multi-domain hell!

GitHub - Chatcola-com/chatcola: chatcola.com messaging server - self-host your messages without multi-domain hell!

3) Obtain a domain and a certificate (look steps 2 and 3 below in "Steps - WITHOUT SUDO ACCESS") and copy them to a directory of your choice - for example into /opt/chatcola.

TunnelBear Removes Hong Kong Servers

TunnelBear Removes Hong Kong Servers

Privacy and human rights organizations have expressed concerns that the new law gives the Chinese government legal means to force Hong Kong’s ISPs to turn over user data, or even make arrests over online content.

VICE - Cops Seize Server that Hosted BlueLeaks, DDoSecrets Says

VICE - Cops Seize Server that Hosted BlueLeaks, DDoSecrets Says

On Tuesday, Emma Best, the founder of Distributed Denial of Secrets or DDoSecrets, a WikiLeaks-like website that has published the police data, said that prosecutors in the German town of Zwickau seized the organization’s “primary public download server.”.

Private Internet Access to temporarily remove Mexico VPN exit gateway

Private Internet Access to temporarily remove Mexico VPN exit gateway

Mexico has been a highly requested VPN exit gateway location and our users can rest assured that we will bring the exit gateway back with a reliable data center partner as soon as possible.

Stalker Online hacked! Over one million gamers’ passwords made available for download

Stalker Online hacked! Over one million gamers’ passwords made available for download

The database, which is being offered for sale for “several hundred Euros worth of Bitcoins”, contains 1,289,084 Stalker Online player records, including usernames, account passwords, email addresses, phone numbers, and IP addresses.

Oracle's BlueKai Spilled Network Monitoring Data 'Billions of Documents'

Oracle's BlueKai Spilled Network Monitoring Data 'Billions of Documents'

An Oracle ad tech division responsible for monitoring 1 % of all web traffic has exposed billions of records through an unsecured server.By leaving a server unsecured without a password, Tech giant and data harvester Oracle has exposed billions of records of people around the globe.

Private Internet Access Next Generation Network comes out of beta

Private Internet Access Next Generation Network comes out of beta

Private Internet Access users will soon be able to access our Next Generation network of hardened VPN servers – which will be exiting a recently announced beta .Private Internet Access releases Next Generation VPN servers with security and speed improvements.

Private Internet Access reveals physical locations of 35 geo-located regions

Private Internet Access reveals physical locations of 35 geo-located regions

Private Internet Access made the decision to start offering geo-located regions as a way to re-enter regions like Russia and Brazil that we have previously had to leave due to regulatory reasons as well as a way to offer quality VPN exit nodes in regions where we were unable to source high quality VPN servers.List of Private Internet Access geo-located regions and their physical locations.