Privatnost i sigurnost podataka i korisnika

[Ivo_Strojnica]

Citiraj:

Autor Deamon101

Što ako taj "scanning system" detektira da sam ja napisao da određeni igrači na BI rade genocid i etničko čišćenje, ili stavim meme, a to se uvede u EU kao poziv na antisemitizam i postane protuzakonito? To je korak u dobrom smjeru?

Inteligencija šteka očito, zato i imaš svakojake stavove, možda da si odeš na još jedan booster?

Forum ima topic-e koji imaju razne teme, a ovaj dio se zove "Razno/Privatnost i sigurnost podataka i korisnika" i ovdje ide nešto drugo u odnosu na IT i računala.
Ako želiš možda mogu AI pitati da ovo objašnjenje još pojednostavni ako je komplicirano za shvatiti. I nemoj me zvati kolegom neukusno je i sramota me.

Moram priznati da mi se ne sviđa uopće tvoj način komunikacije.
Mislim da možeš reći svoje mišljenje bez da to uključuje vrijeđanje i omalovažavanje druge osobe.

Ukoliko to nisi sposoban, molim te, suzdrži se komentara.

[tomek@vz]

Citiraj:

Autor Deamon101

Što ako taj "scanning system" detektira da sam ja napisao da određeni igrači na BI rade genocid i etničko čišćenje, ili stavim meme, a to se uvede u EU kao poziv na antisemitizam i postane protuzakonito? To je korak u dobrom smjeru?

Inteligencija šteka očito, zato i imaš svakojake stavove, možda da si odeš na još jedan booster?

Forum ima topic-e koji imaju razne teme, a ovaj dio se zove "Razno/Privatnost i sigurnost podataka i korisnika" i ovdje ide nešto drugo u odnosu na IT i računala.
Ako želiš možda mogu AI pitati da ovo objašnjenje još pojednostavni ako je komplicirano za shvatiti. I nemoj me zvati kolegom neukusno je i sramota me.

Kaj da ti sad na ovo velim? Fakat nema smisla vise. Pokrenuo sam ovu temu kao izvor informacija kako se zastiti online (dakle striktno IT - ne zelim diskutirat politiku ni zakone jer nisam ni strucan za to), kako kao obican korisnik od prevaranta i kriminalaca tako i izvor informacija za IT Admine o aktualnim sigurnosnim problemima. Ti si preokrenuo sve u politiku i nesto sto granici sa teorijama zavjere. Tu si se uskokodakao oko sugavog zakona o enkripciji poruka a nikad nisi spomenuo ono sto mene recimo vise smeta ako cemo bas o tome - zakonu koji ce omoguciti policiji da cuva podatke korisnika unedogled. E to bi, ako ikad dode do promjene rezima mogao biti problem za pojednice. Zato tvrdim sto tvrdim i iza toga stojim. I pustio sam par dana sad mira oko cijele teme jer u te diskusije se ne zelim upustati, ali dok imas ovakav stav neznam kako bi covjek s tobom stao na zelenu granu. I onda jos svako malo podhebavas. Izvini al ti i ja nismo zajedno krave pasli i ne mislim sa takvima voditi besmislene diskusije na forumu.

[mkey]

Ja iskreno ne vidim razliku između toga da li "policija" ili "netko tko nije policija" ima priliku čuvati te podatke. Dovoljno je velik prekršaj da ih gospoda koriste za daljnje treniranje modela. Sve ostalo samo dodaje sol na otvorenu ranu.

A kada dođe do promjene režima, možemo na povijesnim primjerima uočiti da dokazi gube važnost. Kada treba ugušiti pobunu bitno je samo eliminirati nepoćudne elemente, manje bitno zašto niti će se sudovi opterećivati s razlozima.

Dodatno na to sve ide i ideja o precrime, koncept, za kojeg je mislim i dudekima jasno, da nije poželjan.

[medo]

Mislim da Gideon nije ništa novo. Postoje algoritmi koji su već bar desetljeće u upotrebi i funkcioniraju a ne zahtjevaju uplitanje u osobne podatke i špijuniranje poruka.

Algoritmi predviđaju buduće zločine na društvenoj razini pa policija i ostale službe preventivno djeluju pojačanim nadzorima i sl.

[Night]

Ne znam prati li tko ovaj nered, Fina je neovlašteno izdala nekoliko certifikata za 1.1.1.1, ali prema svojim testnim domenama umjesto prema Cloudflare DNSu. Zasad nema potvrda o ikakvoj zloupotrebi, tim više jer jedini browser koji vjeruje Fina root certifikatu je Edge, dok Firefox i Chrome nemaju Finu kao certifikat autoritet u svojoj listi pa na njih nije utjecalo.


https://blog.cloudflare.com/unauthor...s-for-1-1-1-1/

[Colop]

Citiraj:

Autor Night

Ne znam prati li tko ovaj nered, Fina je neovlašteno izdala nekoliko certifikata za 1.1.1.1, ali prema svojim testnim domenama umjesto prema Cloudflare DNSu. Zasad nema potvrda o ikakvoj zloupotrebi, tim više jer jedini browser koji vjeruje Fina root certifikatu je Edge, dok Firefox i Chrome nemaju Finu kao certifikat autoritet u svojoj listi pa na njih nije utjecalo.


https://blog.cloudflare.com/unauthor...s-for-1-1-1-1/

Hjao, zašto me ne čudi da je FINA sjebala nešto

[medo]

Zašto se njihovi certovi ne bi mogli ručno ubaciti u Firefox i Chrome? Nema ni Edge dok ga ne importaš u Windoze.

Vjerojatno si htjeli presretati DNS upite prema Cloudflareu. Ipak to je lažiranje potpisa. Po meni vrlo ozbiljna stvar.

[Night]

Citiraj:

Autor medo

Zašto se njihovi certovi ne bi mogli ručno ubaciti u Firefox i Chrome? Nema ni Edge dok ga ne importaš u Windoze.

Vjerojatno si htjeli presretati DNS upite prema Cloudflareu. Ipak to je lažiranje potpisa. Po meni vrlo ozbiljna stvar.

Možeš ručno ubaciti certifikat koji hoćeš, nitko ti ne brani, ali kako stoji u ovim izvješćima o incidentu Edge je već po defaultu imao Finu kao CA jer je povukao iz Windowsa, dok Chrome i Firefox nisu.

Još jedan link o temi i ozbiljnosti incidenta : https://www.netokracija.com/fina-cer...o-gulan-238118

[tomek@vz]

Citiraj:

Plex has alerted its customers about a security incident that may have affected user accounts. In an email sent to subscribers, the popular media server company confirmed that an unauthorized third party gained access to one of its databases. The breach exposed emails, usernames, and hashed passwords. Plex emphasized that passwords were encrypted following best practices, so attackers cannot simply read them. The company also reassured users that no credit card data was compromised, since Plex does not store that information on its servers. Still, out of caution, it is requiring all account holders to reset their credentials.

Users are being directed to reset their passwords at plex.tv/reset. During the process, Plex recommends enabling the option to sign out all connected devices. This measure logs out every device associated with the account, including Plex Media Servers, forcing a fresh login with the updated password. The company says it has already fixed the method used by the intruder to gain entry and is conducting additional security reviews. Plex is also urging subscribers to enable two-factor authentication if they have not already done so.

----

Citiraj:

In what is being called the largest supply chain attack in history, attackers have injected malware into NPM packages with over 2.6 billion weekly downloads after compromising a maintainer's account in a phishing attack.

The package maintainer whose accounts were hijacked in this supply-chain attack confirmed the incident earlier today, stating that he was aware of the compromise and adding that the phishing email came from support [at] npmjs [dot] help, a domain that hosts a website impersonating the legitimate npmjs.com domain.

In the emails, the attackers threatened that the targeted maintainers' accounts would be locked on September 10th, 2025, as a scare tactic to get them to click on the link redirecting them to the phishing sites.

----

Citiraj:

The former head of security for WhatsApp filed a lawsuit on Monday accusing Meta of ignoring major security and privacy flaws that put billions of the messaging app's users at risk, the latest in a string of whistle-blower allegations against the social media giant. The New York Times: In the lawsuit filed in the U.S. District Court of the District of Northern California, Attaullah Baig claimed that thousands of WhatsApp and Meta employees could gain access to sensitive user data including profile pictures, location, group memberships and contact lists. Meta, which owns WhatsApp, also failed to adequately address the hacking of more than 100,000 accounts each day and rejected his proposals for security fixes, according to the lawsuit.

Mr. Baig tried to warn Meta's top leaders, including its chief executive, Mark Zuckerberg, that users were being harmed by the security weaknesses, according to the lawsuit. In response, his managers retaliated and fired him in February, he claims. Mr. Baig, who is represented by the whistle-blower organization Psst.org and the law firm Schonbrun, Seplow, Harris, Hoffman & Zeldes, argued in the suit that the actions violated a privacy settlement Meta reached with the Federal Trade Commission in 2019, as well as securities laws that require companies to disclose risks to shareholders.

[Night]

Vezano za NPM incident :


https://www.coindesk.com/tech/2025/0...g-1b-downloads

Citiraj:

• Charles Guillemet, chief technology officer at hardware wallet maker Ledger, warned on X on Monday that a large-scale supply chain attack is underway after the compromise of a reputable developer’s Node Package Manager (NPM) account.
• According to Guillemet, the malicious code — already pushed into packages with over 1 billion downloads — is designed to silently swap crypto wallet addresses in transactions. That means unsuspecting users could send funds directly to the attacker without realizing it.

[Bono]

Citiraj:

Autor kopija

Sramotno je da ljudi neznaju da moraju maskirati svoj IP prije nego pozovu na mržnju i nasilje prema bližnjima.

Pa da, objavis zastavu svoje zemlje koja naravno moze negativno utjecati na neke stavovnike ili kazes da volis svinjetinu, to je itekako da te policija skupi na ispitivanje.

Ili ako upozoris ili objavis snimku napada, to je isto povod da te sprovedu na ispitivanje kao najveceg kriminalca, nekima su razbili ulazna vrata.

Citiraj:

British police arrest a man for sharing a social media post that caused somebody anxiety.

"Why am I in cuffs because of something he shared, then I shared?"

"Because someone has been caused anxiety based upon your social media post. That's why you've been arrested."

A za chat control nemam komentara, 40% je false positive i oni razmisljaju o implementiranju.

Po engleskim zakonima Deamon101 bi vec svirao klavir, da zivim tamo.

[medo]

Citiraj:

Autor Night

Možeš ručno ubaciti certifikat koji hoćeš, nitko ti ne brani, ali kako stoji u ovim izvješćima o incidentu Edge je već po defaultu imao Finu kao CA jer je povukao iz Windowsa, dok Chrome i Firefox nisu.

Još jedan link o temi i ozbiljnosti incidenta : https://www.netokracija.com/fina-cer...o-gulan-238118

Nisam znao da Windoze imaju Fina CA kao trusted. Mislim da nakon ovoga više neće imati

[rodriguez]

Proton terminira racune hakerima i novinarima samo na osnovu prijave i to ne drzave ili policije

Honeypot

https://x.com/vxunderground/status/1965775209715360151


https://x.com/ProtonPrivacy/status/1965706736750198965

[kopija]

Viva la resistance!

[tomek@vz]

Citiraj:

Autor rodriguez

Proton terminira racune hakerima i novinarima samo na osnovu prijave i to ne drzave ili policije

Honeypot

https://x.com/vxunderground/status/1965775209715360151


https://x.com/ProtonPrivacy/status/1965706736750198965

Citiraj:

At this point, it seems your interest is spreading FUD, not truth. Weird, huh? We’ve repeatedly clarified this 2021 case: Proton never gave data directly to French police, under Swiss law, that’s illegal. As a Swiss company, we must follow Swiss law. In the activist case, a Swiss court order compelled us to log IPs for a specific account. We had no knowledge of who the user was, and no legal way to resist. Our encryption cannot be bypassed by law enforcement. This case actually proves Proton Mail works as designed: even under a binding order, email content remained private. More context here:https://proton.me/blog/climate-activist-arrest

[tomek@vz]

Citiraj:

Supply chain attacks are traditionally designed to inflict maximum damage on structured organizations or companies. However, when such an attack compromises a supply chain that an entire software ecosystem depends on, the consequences can be truly unprecedented.
Earlier this week, the Npm package manager suffered what may be its worst security incident to date. Unknown cybercriminals managed to compromise the account of Josh "Qix" Junon, one of the core maintainers of the Npm project. As a result, several of the most critical packages in the JavaScript ecosystem were infected with a backdoor designed to steal user and developer cryptocurrency in bulk.

> Techspot

[rodriguez]

Note by PHRACK STAFF:
A responsible disclose was attempted with South Korea. The full article, dump and release schedule was shared with them before publishing:
• 16th of June 2025, Informed Defense Counterintelligence Command.
• 26th of June 2025, Anonymous response by clearbear001 (dcc.mil.kr?).
• 16th of July 2025, Anonymous response by operation-dl (who is this?).
• 17th of July 2025, Informed KISA.
• 17th of July 2025, Informed Ministry of Unification.
• 17th of July 2025, Informed LG Uplus Corp.
• 18th of July 2025, Informed KrCERT.
• 15th of August 2025, Proton disables whistleblower's email account.
• 16th of August 2025, Proton disables author's email account.
The only responses were from anonymous individuals (clearbear001 and operation-dl).
We advised them to inform KISA and KrCERT. Communication then ended abruptly.
An appeal was filed with Proton. Proton replied: "your account will cause further damage to our service, therefore we will keep the account suspended".
Proton ignored any further request for clarification (Proton was used only for email and only to communicate with South Korea).
Proton's legal department was contacted (8 times), but they never responded.



Emails from Proton Mail users to non-Proton Mail users
• End-to-end encrypted if the Password-protected Emails feature is selected.
• Otherwise encrypted with TLS if the non-Proton Mail mail server supports it (most providers such as Gmail, Yahoo, Hotmail, etc, support TLS). Note, since these messages are encrypted but not end-to-end encrypted, Gmail, Yahoo, Hotmail, etc will be able to read these messages and hand them over.
This is not possible if you use Password-protected Emails, which enable Proton Mail's end-to-end

[tomek@vz]

Citiraj:

The Linux kernel was just patched moments ago for a new CPU security vulnerability... VMSCAPE. VMSCAPE affects both Intel and AMD processors.

VMSCAPE is an issue around indirect branch predictor flushes. VMSCAPE is described as:

"vmscape is a vulnerability that essentially takes Spectre-v2 and attacks host userspace from a guest. It particularly affects hypervisors like QEMU.

Even if a hypervisor may not have any sensitive data like disk encryption keys, guest-userspace may be able to attack the guest-kernel using the hypervisor as a confused deputy.

There are many ways to mitigate vmscape using the existing Spectre-v2 defenses like IBRS variants or the IBPB flushes. This series focuses solely on IBPB because it works universally across vendors and all vulnerable processors. Further work doing vendor and model-specific optimizations can build on top of this if needed / wanted."

VMSCAPE affects Intel CPUs, going back at least to Skylake and up through Alder Lake and newer processors that are affected by BHI.

> Phoronix

Citiraj:

ZynorRAT Exploits Windows and Linux Systems to Gain Remote Access

> gbhackers

[tomek@vz]

Citiraj:

Autor rodriguez

Proton terminira racune hakerima i novinarima samo na osnovu prijave i to ne drzave ili policije

Honeypot

https://x.com/vxunderground/status/1965775209715360151


https://x.com/ProtonPrivacy/status/1965706736750198965

Malo vise na temu:

Citiraj:

The company behind the Proton Mail email service, Proton, describes itself as a "neutral and safe haven for your personal data, committed to defending your freedom." But last month, Proton disabled email accounts belonging to journalists reporting on security breaches of various South Korean government computer systems following a complaint by an unspecified cybersecurity agency. After a public outcry, and multiple weeks, the journalists' accounts were eventually reinstated -- but the reporters and editors involved still want answers on how and why Proton decided to shut down the accounts in the first place.

Martin Shelton, deputy director of digital security at the Freedom of the Press Foundation, highlighted that numerous newsrooms use Proton's services as alternatives to something like Gmail "specifically to avoid situations like this," pointing out that "While it's good to see that Proton is reconsidering account suspensions, journalists are among the users who need these and similar tools most." Newsrooms like The Intercept, the Boston Globe, and the Tampa Bay Times all rely on Proton Mail for emailed tip submissions. Shelton noted that perhaps Proton should "prioritize responding to journalists about account suspensions privately, rather than when they go viral." On Reddit, Proton's official account stated that "Proton did not knowingly block journalists' email accounts" and that the "situation has unfortunately been blown out of proportion."

The two journalists whose accounts were disabled were working on an article published in the August issue of the long-running hacker zine Phrack. The story described how a sophisticated hacking operation -- what's known in cybersecurity parlance as an APT, or advanced persistent threat -- had wormed its way into a number of South Korean computer networks, including those of the Ministry of Foreign Affairs and the military Defense Counterintelligence Command, or DCC. The journalists, who published their story under the names Saber and cyb0rg, describe the hack as being consistent with the work of Kimsuky, a notorious North Korean state-backed APT sanctioned by the U.S. Treasury Department in 2023. As they pieced the story together, emails viewed by The Intercept show that the authors followed cybersecurity best practices and conducted what's known as responsible disclosure: notifying affected parties that a vulnerability has been discovered in their systems prior to publicizing the incident.

[kopija]

Švabi spasili stvar.
Za sad.

[Bono]

Problem je i Hrvatska zasto je za? Steta sto se ne moze vidjeti koji je od europarlamentaraca za ovo smece od zakona.

Sent from my SM-S931B using Tapatalk

[xlr]

https://fightchatcontrol.eu/

Ne daje bas potpune odgovore tko je za, samo vidim one protiv... Barem nesto.

[medo]

Punica me žica da joj stavim Lidl Plus app na mob. Ja njoj pred njenim babama samo pokušam objasniti zašto je to loše ali zaboli njih. One ganjaju svaki popust makar dva centa i one si to žele.

Kažem ja njima da si ja kao iskusni ITovac teško mogu predočiti veličinu i skupoću sustava koji skuplja i čuva sve što su milijuni ljudi kupovali (što, gdje, kada, iznosi…) te obrađuje, analizira, ovo-ono… vjerojatno milijune transakcija dnevno. A zašto?

Zašto bi jedan Lidl platio tolike novce da se taj sustav izgradi i održava? Zato da si dodatno izbijaju novce iz džepa dajući popuste penzićima?

I kažem…. Vrijeme prolazi a ljudi kukaju kako je sve skuplje. Što mislite zašto? Pa zato jer trgovci točno znaju što želite i to vam naplate. Tehnologija im to omogućava a vi bedaci ih dobrovoljno hranite tim informacijama!

Badava pričati. Prodat će dušu crnom vragu za 5% popusta na mjeveno meso. A sutra ih neće biti (njih penzića) pa ih je baš briga. To i sami kažu.

Bottom line: penziće je strašno lako manipulirati i pitam se da li takvim ljudima uopće treba dati mogućnost odlučivanja…