Today, 07:33   #961
tomek@vz
White Rabbit
Join date: May 2006
Location: -
Posts: 5,321
Quote:
Microsoft introduced support for the RC4 stream cipher in Windows 2000 as the default authentication algorithm for the Active Directory services. The system has been insecure for even longer than that, and Redmond is now finally working to put the algorithm out to pasture a few months from now.

Microsoft recently confirmed that it is finally deprecating RC4, the encryption method used by the Kerberos authentication protocol for the past three decades. Developed by mathematician Ron Rivest in 1987, Rivest Cipher 4 has been vulnerable to attacks since 1994, when the secret algorithm leaked to the public.
> Microsoft will soon deprecate the insecure RC4 encryption algorithm

Quote:
Pirate downloads of popular media are an attractive attack vector for hackers, and the latest example demonstrates their increasingly creative tactics. While experienced users will likely detect this scam easily, it serves as a textbook example of the risks associated with torrenting the latest movies.

Bitdefender recently discovered a fraudulent torrent for the film One Battle After Another that contains an ingenious Trojan delivery mechanism. The security company claims its tools defended users against the malware from the start, but those unaccustomed to torrenting should exercise caution.
> Fake torrent for "One Battle After Another" delivers trojan through subtitles


Quote:
Project Zero is Google's well-reputed security team that is tasked with finding security flaws in the company's own products as well as those developed by others. Discovered security bugs are privately reported to vendors after which they are allotted 90 days to patch them. If this deadline is exceeded, the security issue is made public, which serves as a way to apply more pressure on the vendor and also give customers a chance to secure themselves independently. In some complex cases, a grace extension period is also awarded. In the past, Google Project Zero has reported bugs in CentOS, libxslt, ChromeOS, and Windows. Now, the team has disclosed a security flaw in Insider versions of Windows 11.

In a highly technical report on the Project Zero issue tracker, it can be seen that security researcher James Forshaw discovered an elevation of privilege (EoP) bug in Windows 11's Insider Preview releases. This issue was present in the Administrator Protection feature that is an upcoming Windows 11 capability that enables just-in-time elevation privileges only when needed through Windows Hello and an isolated admin token.
> Google exposes Windows 11 security flaw after Microsoft fails to patch it properly

Quote:
An investigation into so-called privacy extensions by security researchers has found that some are secretly harvesting and selling users' complete conversations from major AI platforms. The extensions, which are available in Microsoft Edge and other Chrome-based browsers are able to target and capture conversations from ten AI platforms including ChatGPT, Claude, Gemini, Microsoft Copilot, Perplexity, DeepSeek, Grok (xAI), and Meta AI.

A key offender identified by the investigation was Urban VPN Proxy which has over six million Chrome users and holds a Google "Featured" badge. It had a 4.7 star rating based on 58.5K ratings, giving the impression that it is a trustworthy app, but this research suggests it is not.
> Malicious VPN steals full ChatGPT and Gemini conversations of over 8 million users

Quote:
The security vulnerability known as React2Shell is being exploited by threat actors to deliver malware families like KSwapDoor and ZnDoor, according to findings from Palo Alto Networks Unit 42 and NTT Security.

"KSwapDoor is a professionally engineered remote access tool designed with stealth in mind," Justin Moore, senior manager of threat intel research at Palo Alto Networks Unit 42, said in a statement.

"It builds an internal mesh network, allowing compromised servers to talk to each other and evade security blocks. It uses military-grade encryption to hide its communications and, most alarmingly, features a 'sleeper' mode that lets attackers bypass firewalls by waking the malware up with a secret, invisible signal."
> React2Shell Vulnerability Actively Exploited to Deploy Linux Backdoors

Last edited by tomek@vz; today at 08:00.
Today, 13:15   #962
The Exiled
McG
Join date: Feb 2014
Location: Varaždin
Posts: 8,540
Quote:
Texas sues five TV manufacturers over predatory ad-targeting spyware
Quote:
Consent is a pretty important topic in the tech space, and even more so on shared devices such as smart TVs. We recently learned that Microsoft and LG are receiving a lot of backlash for forcefully installing the Copilot app on the latter's TV without user consent or the ability to uninstall. Now, it seems like multiple TV manufacturers are being sued for committing an even more egregious sin. The Texas Attorney General (AG) has sued five major TV manufacturers, namely:
  • Sony
  • Samsung
  • LG
  • HiSense
  • TCL
The reason behind the lawsuit involves allegedly using Automated Content Recognition (ACR) technology to capture what customers are currently watching. According to the filing, ACR is capable of taking screenshots after every 500 milliseconds (that's two screenshots every second!), understand what the user is watching in real-time, and more importantly, send this data back to the TV-makers without explicit consent from the end-user. The lawmaker also emphasized the dangers of sending the data of U.S. customers back to Chinese servers belonging to HiSense and TCL. Both these firms follow China's National Security Law, which means that the government can gain access to their data - and U.S. customer data - at any point. ACR is typically used by TV manufacturers to fingerprint their users so that they can tailor personalized content and ad experiences that they are more likely to watch. It is typically enabled by default on most modern smart TVs but can usually be disabled by the user in the device's privacy settings.
Source: Neowin
This ACR "option" of theirs is a fucked-up thing; obviously most people around the world (wherever these TVs are sold) don't even know about it, let alone turn it off, if that even has any effect.
__________________
AMD Ryzen 9 9950X | Noctua NH-U12A chromax.black | MSI MAG B650 Tomahawk Wi-Fi | 128GB Kingston FURY Beast DDR5-5200 | 256GB AData SX8200 Pro NVMe | 2x4TB WD Red Plus | Fractal Define 7 Compact | Seasonic GX-750
AMD Ryzen 5 7600 | Noctua NH-U12A chromax.black | MSI MAG B650 Tomahawk Wi-Fi | 128GB Kingston FURY Beast DDR5-5200 | 256GB AData SX8200 Pro NVMe | 2x12TB WD Red Plus | Fractal Define 7 Compact | eVGA 650 B5
AMD Ryzen 5 7600 | Scythe Kotetsu SCKTT-1000 | MSI MAG B650 Tomahawk Wi-Fi | 64GB Kingston FURY Beast DDR5-5200 | 256GB AData SX8200 Pro NVMe | 2x14TB WD Red Pro | Fractal Define 7 Compact | Seasonic SSR-550PX
Today, 15:13   #963
tomek@vz
White Rabbit
Join date: May 2006
Location: -
Posts: 5,321
Quote:
Originally posted by The Exiled
This ACR "option" of theirs is a fucked-up thing; obviously most people around the world (wherever these TVs are sold) don't even know about it, let alone turn it off, if that even has any effect.
Just when I ordered a TCL TV... damn...
Today, 16:06   #964
Night
Premium
Join date: Oct 2008
Location: Dbk
Posts: 1,320
Quote:
Originally posted by The Exiled
This ACR "option" of theirs is a fucked-up thing; obviously most people around the world (wherever these TVs are sold) don't even know about it, let alone turn it off, if that even has any effect.
Letting a smart TV have any network connectivity at all is a huge mistake as far as security and privacy are concerned, ever since 10+ years ago, when Samsung dutifully sent lists of the files on a USB stick to its servers as soon as you plugged it in, up to today, when it has already reached 1984 levels. All that's left is for them to remove the OFF button and that's that.
Today, 16:10   #965
The Exiled
McG
Join date: Feb 2014
Location: Varaždin
Posts: 8,540
Yes, but people want that so heavily advertised so-called smart home, so the whole thing has been neatly turned upside down, to the point where it can no longer be avoided.
Quote:
Samsung and other companies force consumers to go through multistep menus to exercise their privacy choices, Texas said. “Consumers must circumnavigate a long, non-intuitive path to exercise their right to opt-out,” the Samsung lawsuit said. This involves selecting menu choices for Settings, Additional Settings, General Privacy, Terms & Privacy, Viewing Information Services, and, finally, “Disable,” the lawsuit said. There are “additional toggles for Interest-Based Ads, Ad Personalization, and Privacy Choices,” the lawsuit said.
Today, 16:34   #966
kopija
DIY DILETANT
Join date: Jan 2009
Location: Purgatory
Posts: 3,714
That's weak, it only spies on what you watch.
It should also spy on what you say, like a smartphone.
Today, 16:51   #967
lowrider
Premium
Join date: May 2008
Location: KR
Posts: 1,171
Or like in that movie (though I think it was mobile phones there): it sends a high frequency through the speakers and picks it up through the microphone like sonar, and maps in 3D the space it's in.

It's unbelievable that someone over there in China bothers with 2 screenshots from my TV every second going somewhere over to them so that somebody can study it.

OK, I'd get it if it does that during some documentary programmes showing something of security significance, so they can see building layouts, construction methods, etc.

Now it really is possible that they were eavesdropping on us through energy-saving light bulbs
__________________
Lowrider