Androgamer

PLAIN TEXT passwords showed up on file-hosting site German chat platform Knuddels.de ("Cuddles") has been fined €20,000 for storing user passwords in plain text (no hash at all? Come on, people, it's 2018). The data of Knuddels users was copied and published by malefactors in July. In September, someone emailed the company warning them that user data had been published at Pastebin (only 8,000 members affected) and Mega.nz (a much bigger breach). The company duly notified its users and the Baden-Württemberg data protection authority. The largest breach, according to Spiegel Online, exposed over 800,000 email addresses and more than 1.8 million user pseudonyms with their associated passwords had been published on Mega.nz. The chat platform said it had verified 330,000 of the published emails. The regional data watchdog deemed that plain text storage of passwords breached legislation that implements the GDPR in Germany (specifically article 32 of the DS-SGVO), and impos...

More than half a million Google Android users have downloaded malware-ridden apps from the Google Play store. Of the 13 apps, which posed as driving simulation games, two were trending on the store, giving them greater visibility. In response to this news, please find a comment below from OneSpan. Will LaSala, Director of Security Solutions, Security Evangelist at OneSpan: Application repackaging has been on the rise for a while now. Earlier this year it was reported that applications were being hijacked to install cryptocurrency miners. We saw a decline in these attacks when governments started to address the cryptocurrency conversion process and made it harder for anonymous people to cash out. However, these repackage attacks did not stop, instead they got more sophisticated and refocused on other valuable data that can be converted to money just as quickly. New repackaging attacks make common or simple apps into nefarious payload delivery applications. This allows hackers to get ...

The lack of political leadership to face targeted attacks is contributing to the poor job the UK is doing on its national security strategy, says a UK government report discussing the cyber security of the nation’s critical national infrastructure. How devastating is an attack on critical infrastructures and how is it perceived by the general public? The official government report found that the general public doesn’t fully understand the aftermath of a targeted attack on critical sectors such as energy, health services, transport or water. This is a major concern for the country, as the threat landscape is growing and an increase in the number of attacks targeting the UK has been detected. The joint committee warns that the shortage of industry experts and lack of urgency in actions are actively exposing critical infrastructures to risks that could easily be avoided otherwise. The government’s “efforts so far certainly fail to do justice to its own assessment...

In the battle for online privacy, U.S. search giant Google is a Goliath facing a handful of European Davids. The backlash over Big Tech's collection of personal data offers new hope to a number of little-known search engines that promise to protect user privacy. Sites like Britain's Mojeek , France's Qwant , Unbubble in Germany and Swisscows don't track user data, filter results or show "behavioral" ads. These sites are growing amid the rollout of new European privacy regulations and numerous corporate data scandals, which have raised public awareness about the mountains of personal information companies stealthily gather and sell to advertisers. Widespread suspicion in Europe about Google's stranglehold on internet searches has also helped make the continent a spawning ground for secure searching. Europe is particularly sensitive to privacy issues because spying by the Nazi-era Gestapo and the secret services in the Soviet Union is still within living...

Blames an ‘industry database’ that failed to filter prohibited content Tumblr says that child pornography was the reason for its app’s sudden disappearance from the iOS App Store. The app has been missing from the store since November 16th, but until now the reason for its absence was unclear — initially Tumblr simply said it was “working to resolve the issue with the iOS app.” However, after Download.com approached Tumblr with sources claiming that the reason was related to the discovery of child pornography on the service, the Yahoo-owned social media network issued a new statement confirming the matter. In its updated statement, Tumblr said that while every image uploaded to the platform is “scanned against an industry database of child sexual abuse material” to filter out explicit images, a “routine audit” discovered content that was absent from the database, allowing it to slip through the filter. Although Tumblr says t...

EU data protection legislation aims to give users more control over their personal data, and threatens companies with fines for collecting data without user consent and for data breaches. Countless companies have been struggling to become GDPR compliant, but it seems major tech players may not have taken it seriously. After Facebook and Google drew criticism for violating EU’s data protection law, it is now Microsoft’s turn to take the heat. The tech giant is looking at a hefty fine after an investigation, commissioned by the Dutch government, found the company has violated the GDPR, which took effect this May, says an article by The Telegraph. The Dutch government is most concerned that affected users include government employees dealing with sensitive information daily. According to the report, over 300,000 government computers run Microsoft Office in the country -- computers that may have been affected by Microsoft’s data harvesting. The investigation report from ...

Last week's report in The New York Times (NYT), titled 'Delay, Deny and Deflect: How Facebook's Leaders Fought Through Crisis', has again focused attention on Facebook. "Ms. Sandberg [Facebook COO]," writes the NYT, "has overseen an aggressive lobbying campaign to combat Facebook's critics, shift public anger toward rival companies and ward off damaging regulation." Sheryl Sandberg responded the next day, denying two of the accusations. Firstly, she denied that Facebook had been aware of any Russian misinformation campaigns before the 2016 presidential election; and secondly, she denied any personal knowledge of an alleged campaign run by Facebook's PR firm Definers -- which had sought to discredit, for example, George Soros. Definers no longer works for Facebook. But Facebook has problems that go beyond The New York Times. Multiple national parliaments have invited Facebook CEO Mark Zuckerberg to appear before "an 'international g...

Facebook on Tuesday announced important updates to its bug bounty program. The social media giant says it’s prepared to pay out as much as $40,000 for vulnerabilities that can lead to account takeover. According to Facebook, researchers can earn up to $40,000 if they report an account hijacking flaw that does not require any user interaction, and $25,000 if minimum user interaction is required for the exploit to work. The bounty applies to Facebook and other services owned by the company, including Instagram, WhatsApp and Oculus. “By increasing the award for account takeover vulnerabilities and decreasing the technical overhead necessary to be eligible for bug bounty, we hope to encourage an even larger number of high quality submissions from our existing and new white hat researchers to help us secure over 2 billion users,” Facebook said. The bug bounty update comes in response to a recent data breach that impacted roughly 29 million users. Facebook revealed in S...

New findings from New York University Tandon and Michigan State University on “synthetic biometrics”  show how fake biometrics can potentially be used:  DeepMasterPrints: Generating MasterPrints for Dictionary Attacks – here’s the Guardian story on this: Fake fingerprints can mimic real ones in biometric systems.  In response, a cybersecurity expert with OneSpan offers perspective. Sam Bakken, Senior Product Marketing Manager at OneSpan: “This is impressive research that will contribute to continued improvement in the security of biometric authentication, but that doesn’t mean it’s time for financial institutions to give up on fingerprint recognition and authentication. The research was conducted in a laboratory environment with plenty of resources, and while that doesn’t invalidate the findings, the costs of executing such an attack are far from negligible and attackers probably don’t see a good return-on-investment...

In April, with the GDPR deadline and its requirement for data portability looming, Instagram released the long-anticipated download your data tool. The feature gave users the ability to download images, posts and comments. Unfortunately, Instagram turned the task of downloading your data into an exercise in exposing people’s passwords in plain text. Thankfully, the bug in the “download your data” tool only affected a handful of users, it said. As The Information reported last week, Instagram told affected users on Thursday night that if they’d used the “download your data” feature, their passwords were showing up in plaintext in the URL of their browsers. That might not be a big deal to a user at home on an unshared computer, but as Facebook, which owns Instagram, said in the notice to users, it means that anybody who used the tool on a public computer – say, in a library – had their password exposed in the URL: an unfortunate gift to a...

The combined price of BCH and BSV has now fallen to about $300, down by 50% from BCH’s pre-split price of circa $600. Making this the very first time that a coin has lost a substantial amount of value in a chain-split, with previous splits having the combined price at pre-split levels or above. There are currently wide variation between exchanges as some have opened deposits while some have not, making arbitrage difficult. On Poloniex, for example, the combined price is at circa $290. While on Bittrex, which has opened deposits, it stands at circa $330 with BCH at $250 and BSV at $80. It is unclear what exactly exchanges are waiting for. Coinbase, for example, has not yet opened even BCH trading, let alone deposits and withdrawals. On other exchanges trading continues, but deposits and withdrawals are not available now four days since the fork. Both chains have operated without any problems since the split on November 15th, with Calvin Ayre of Coingeek stating: “SV eit...

Alternatives lists FuckOffGoogle List of Google Alternatives https://wiki.fuckoffgoogle.de/index.php?title=GoogleAlternatives RestorePrivacy Alternatives to Google https://restoreprivacy.com/google-alternatives De-google-ify Internet (A list of free/libre alternative services to centralized platforms, hosted by French non-profit Framasoft) https://degooglisons-internet.org/en/list Alternatives to Google services (2017) https://pad.okfn.org/p/google_alternatives pcqpcq OpenSource Android Apps https://github.com/pcqpcq/open-source-android-apps Fossdroid Android apps https://fossdroid.com Prism-Break List of free recommendations against proprietory software https://prism-break.org Droid-Break Android https://droid-break.info Privacy Tools. Encryption against global mass surveillance https://www.privacytools.io FLOSS Android by Primokorn https://gitlab.com/Primokorn/FLOSS_Android_apps https://forum.xda-developers.com/android/general/index-floss-list-free-libre-source-...

❌ Open (risky): Open Wi-Fi networks have no passphrase. You shouldn’t set up an open Wi-Fi network—seriously, you could have your door busted down by police. ❌ WEP 64 (risky): The old WEP protocol standard is vulnerable and you really shouldn’t use it. ❌ WEP 128 (risky): This is WEP, but with a larger encryption key size. It isn’t really any less vulnerable than WEP 64. ❌ WPA-PSK (TKIP): This uses the original version of the WPA protocol (essentially WPA1). It has been superseded by WPA2 and isn’t secure. ❌ WPA-PSK (AES): This uses the original WPA protocol, but replaces TKIP with the more modern AES encryption. It’s offered as a stopgap, but devices that support AES will almost always support WPA2, while devices that require WPA will almost never support AES encryption. So, this option makes little sense. ❌ WPA2-PSK (TKIP): This uses the modern WPA2 standard with older TKIP encryption. This isn’t s...

(1)  IRCTC Rail Connect Preview the latest features in addition to existing ticketing services: :: New Users, register and activate from App directly. :: Advanced security features of self-assigned PIN to login without entering username and password on each login. :: Supports Ladies,Tatkal & Premium-Tatkal quota booking. :: Current reservation facility. :: Integrated with IRCTC e-wallet for faster and hassle free transactions. :: Boarding point change facility. :: Syncing of IRCTC's NGeT Web Site and NGeT Mobile App tickets. Now users can view, cancel or file TDR of e-tickets booked through official website (www.irctc.co.in) and vice-versa. :: Users can view the status of e-tickets booked through our authorized Online Travel Agents (OTA). :: Users can view and cancel old mobile app tickets also. (2) PNR Status, Train Running Status & Ticket Booking(trainman) Book Train Ticket Trainman is now an IRCTC authorised online travel agent. Train tickets can be booked o...

Ripple has suddenly taken second position with a market cap of $19 billion while ethereum has fallen to $18.4 billion on increased global crypto trading volumes of nearly $20 billion. No one is celebrating, however, because this isn’t due to any gains by ripple but due to a brutal sell off across the crypto market that has sent bitcoin’s market cap below $100 billion for the first time in 2018. The reason for this sell-off isn’t very clear. It might be related to uncertainty regarding Brexit or it might be related to the BCH fork. The fork however turned out to be uneventful, as predicted. So if it was due to the fork then one would have expected a bounce. We haven’t seen one yet perhaps because BCH and BSV trading hasn’t really started as deposits and withdrawals have not yet opened. Once they do, then we might see how the wider market reacts and whether this was due to the fork or due to some other unrelated event. The fork might have affected the w...

Have you ever wondered just what is open source? Jack Wallen explains the concept, why it's important, and what you can do to help the cause. What is open source? That's a good question, and one I'm glad you asked. Why? Because there is often a bit of misinformation surrounding this particular topic that needs to be cleared up. But first, just what is this source you call open? To put it simply, open source refers to something people can modify and share because its design is publicly accessible. In the case of open source software, not only is the design publicly accessible but so is the code. Even more, the open source license doesn't just allow you to share the design or code, it allows you to modify it, so long as you give attribution to the original developer. In other words, if you use a piece of open source software and think of another way to implement it, you can make that happen by adding to or changing the code. Just make sure you give sufficient credit fo...

Mozilla has added a new feature to Firefox to alert users when they visit a website that has been part of a data breach in the past. Earlier this year, the Internet organization launched Firefox Monitor, a service to inform users if their accounts have been part of data breaches. Enjoying support for Cloudflare, the service uses data from Troy Hunt’s Have I Been Pwned (HIBP) website to keep track of compromised accounts. The newly announced Firefox alert is the latest improvement Mozilla brings to Firefox Monitor and takes advantage of the very same HIBP data to warn users of breached websites. “To help users who might have otherwise missed breach news or email alerts, we are integrating alerts into Firefox that will notify users when they visit a site that has been breached in the past. This feature integrates notifications into the user’s browsing experience,” Mozilla’s Luke Crouch explains. What users should keep in mind when receiving these alerts, ...

Got a pen-test report detailing a crazy bad bug in Microsoft software? It could be your problem, not Microsoft’s. A day ahead of yesterday’s 63-patch November 2018 Patch Tuesday security update, the group that decides what fixes make it into its monthly security update has posted a polite reminder to customers: a weakness affecting our product in your environment isn't necessarily an across-the-board vulnerability in the product. The Microsoft Security Response Center (MSRC) is the group at Microsoft that evaluates whether reports about security bugs in its huge portfolio actually are vulnerabilities. Once confirmed, it determines what impact the bug has in order to inform admins and end-users how important they are to fix. To help with this process MSRC in September published guidance to explain to security researchers and customers how it assesses risk with respect to security flaws. The document aims to clarify what bugs Microsoft considers should be fixed on Patch Tu...

THE WORLD’S MOST  ambitious “smart city,” known as Quayside, in Toronto, has faced  fierce public criticism  since last fall, when the plans to build a neighborhood “ from the internet up ” were first revealed.  Quayside  represents a joint effort by the Canadian government agency Waterfront Toronto and Sidewalk Labs, which is owned by Google’s parent company Alphabet Inc., to develop 12 acres of the valuable waterfront just southeast of downtown Toronto. In keeping with the utopian rhetoric that fuels the development of so much digital infrastructure, Sidewalk Labs has pitched Quayside as the solution to everything from traffic congestion and rising housing prices to environmental pollution. The  proposal  for Quayside includes a centralized identity management system, through which “each resident accesses public services” such as library cards and health care. An applicant for a position at Sidewalk Labs in Toronto was shocked when he was...

Finally, 130 years after it was established, the kilogram as we know it is about to be retired. But it's not the end: a new definition will be put in place - one that's far more accurate than anything we've had until now. Tomorrow, on 16 November, the General Conference on Weights and Measures (CGPM) in Versailles is going to vote to officially make the change.  Le kilogramme est mort, vive le kilogramme. Most people don't think about metrology - the science of measurement - as we go about our day. But it's vastly important. It's not just the system by which we measure the world; it's also the system by which scientists conduct their observations. It needs to be precise, and it needs to be constant, preferably based on the laws of our Universe as we know it. But of the seven base units of the  International System of Units  (SI), four are not currently based on the constants of physics: the ampere (current), kelvin (temperature), mole (amount of substa...

1) Load up your android device. 2) Next click on your playstore app and search for “Termux” & install it. 3) Open Termux app and type: “pkg install git”. 4) To update available packages type: “pkg update”. 5) Lets install python by typing ” pkg install python” 6) We will need to download the tool we will be using for this bruteforce exercise. To download, on your terminal…type: “git clone https://github.com/avramit/instahack 7) Once the download is complete, type: “ls” to list the available folders/files in current directory 8) As you can see you have a folder call “instahack”, now make your way into that folder by typing “cd instahack”. 9) Type: “ls” to list the available files. 10) Ok we are nearly there. Next lets install an editor so we can edit the password file. To install nano, type : “pkg install nano” . 11) Ok lets stop for a second. Now all...

PlayerUnknown's Battlegrounds  ( PUBG ) is an  online multiplayer   battle royale game  developed and published by  PUBG Corporation , a  subsidiary of South Korean video game company  Bluehole . The game is based on previous  mods  that were created by Brendan "PlayerUnknown" Greene for other games using the film  Battle Royale  for inspiration, and expanded into a standalone game under Greene's creative direction. In the game, up to one hundred players parachute onto an island and scavenge for weapons and equipment to kill others while avoiding getting killed themselves. The available safe area of the game's map decreases in size over time, directing surviving players into tighter areas to force encounters. The last player or team standing wins the round. PlayerUnknown's Battlegrounds Developer(s) PUBG Corporation [a] Publisher(s) PUBG Corporation (Windows) Microsoft Studios  (Xbox One) Tencent Gam...