Premium members can now boost us, so that the channel is able to share stories and keep you updated:
/channel/kalilinux?boost
Microsoft researchers said on Thursday they found what they believe is a network of fake, Chinese-controlled social media accounts seeking to influence U.S. voters by using artificial intelligence.
A Chinese embassy spokesperson in Washington said that accusations of China using AI to create fake social media accounts were "full of prejudice and malicious speculation" and that China advocates for the safe use of AI.
In a new research report, Microsoft said the social media accounts were part of a suspected Chinese information operation. The campaign bore similarities to activity which the U.S. Department of Justice has attributed to "an elite group within (China's) Ministry of Public Security," Microsoft said.
https://www.reuters.com/world/china-may-be-behind-social-media-accounts-seeking-sway-us-voters-microsoft-says-2023-09-07/
@kalilinux
YouTube legal team asked Invidious developers to take down the service within 7 days.
In response, the project manager of the Invidious project replied on GitHub that they never agreed to any of YouTube's Terms of Services or Policies, and that Invidious doesn't use YouTube's API to fetch and display the videos. He added that “Things will continue normally until they can't anymore.”, implying that they're not going to comply with YouTube legal team's request.
@kalilinux
https://alternativeto.net/news/2023/6/youtube-legal-team-asked-invidious-developers-to-take-down-the-service-within-7-days/
Reddit is getting ready to slap third-pary apps with millions of dollars in API fees, and many Reddit users are unhappy about it. A widespread protest is planned for June 12, with hundreds of big and small subreddits planning to go dark for at least 48 hours.
@kalilinux
https://arstechnica.com/gadgets/2023/06/reddits-plan-to-kill-third-party-apps-sparks-widespread-protests/
Microsoft has uncovered stealthy and targeted malicious activity focused on post-compromise credential access and network system discovery aimed at critical infrastructure organizations in the United States. The attack is carried out by Volt Typhoon, a state-sponsored actor based in China that typically focuses on espionage and information gathering. Microsoft assesses with moderate confidence that this Volt Typhoon campaign is pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises.
US government agencies, including the National Security Agency, the Cybersecurity and Infrastructure Security Agency (CISA), and the Justice Department published a joint advisory about Volt Typhoon's activity today alongside Canadian, UK, and Australian intelligence. “Private sector partners have identified that this activity affects networks across US critical infrastructure sectors, and the authoring agencies believe the actor could apply the same techniques against these and other sectors worldwide,” the agencies wrote.
@Kalilinux
https://www.microsoft.com/en-us/security/blog/2023/05/24/volt-typhoon-targets-us-critical-infrastructure-with-living-off-the-land-techniques/
Congress is debating, for a third time, the EARN IT Act (S. 1207)—a bill that would threaten encryption, and instead seek to impose universal scanning of our messages, photos, and files.
US citizens need to take action now!
@kalilinux
https://act.eff.org/action/the-earn-it-act-is-back-seeking-to-scan-us-all
Washingtonpost reported that the spy balloon which overflew the continental U.S. in February had sophisticated reconnaissance capabilities, possibly including "synthetic aperture radar," which can see at night and penetrate clouds, topsoil, and thin materials.
Synthetic aperture radar, or SAR, sends pulses of microwaves at the Earth to create images. Unlike traditional optical sensors, this allows SAR to return images at night and to penetrate clouds, smoke, topsoil, ice and snow. SAR has also been shown to penetrate thin materials, including tarps, revealing objects beneath.
The amount of power the Chinese balloon could generate was “humongous,” said Paul Byrne, an associate professor at Washington University in St. Louis and a specialist in remote sensing. It was about 100 times that generated by balloons such as Google’s Loon, which provides internet service, and nearly twice that generated by some orbital SAR satellites.
@kalilinux
The encrypted-messaging app Signal has said it would stop providing services in the UK if a new law undermined encryption.
If forced to weaken the privacy of its messaging system under the Online Safety Bill, the organisation "would absolutely, 100% walk" Signal president Meredith Whittaker told the BBC
@kalilinux
https://www.bbc.com/news/technology-64584001
Two security flaws have been disclosed in Samsung's Galaxy Store app for Android that could be exploited by a local attacker to stealthily install arbitrary apps or direct prospective victims to fraudulent landing pages on the web.
It's worth noting here that the shortcoming only impacts Samsung devices that are running Android 12 and before, and does not affect those that are on the latest version (Android 13).
https://thehackernews.com/2023/01/samsung-galaxy-store-app-found.html
@kalilinux
Just recently, Citizen Lab published an article, uncovering Iran’s Mobile Legal Intercept System.
A confidential source sent the online news organization, The Intercept, a series of internal documents and communications providing details on what appear to be plans to develop and launch an Iranian mobile network, including subscriber management operations and services, and integration with a legal intercept solution. Some of this communication included representatives of the Communications Regulatory Authority of Iran (CRA). In October 2022, The Intercept shared this material with Citizen Lab researchers for analysis. The following report provides a summary of Citizen Lab's analysis of this material and discusses its wider implications.
https://citizenlab.ca/2023/01/uncovering-irans-mobile-legal-intercept-system/
@kalilinux
Ukraine's Cyber Police said it dismantled another Russian bot farm operating inside its borders. The group operated out of 13 locations using more than 100,000 SIM cards and 1.5 million online accounts to spew Russian propaganda inside Ukraine and abroad.
read it on Ukraine's cyberpolice website
or here (This one is in english)
@kalilinux
due to some requests and also the new telegram updates which made group management easier than before, here we announce the channel's group to our members. you're all very welcome to discuss on all things geek:
/channel/+wVJaEGEULQo3MGU6
🤖 Telegram Mini App Contest
Prize fund: $50,000
Deadline: 23:59 on October 9th (Dubai time)
Who can participate: Everyone
Results: October 31st, 2023
Telegram is launching a contest for developers of Mini Apps like this one. One of the goals of this competition is to create a variety of examples and reusable tools for future Mini App developers.
The Task:
The task is to build any useful Mini App for Telegram and publish its client and server code on Github.
Your submission must include:
• A GitHub repository containing the source code of your example Mini App, built from scratch. You can use any programming language for the server-side code. The source code of your app must be easy to understand and reusable for any developer starting to build Mini Apps for Telegram. For more, see the “Mini App requirements” section below.
• Comprehensive and organized documentation in English, including a setup guide. Ensure the guide addresses every element of your solution, and the documentation details all potential errors and exceptions. It should be written in a user-friendly way that is approachable even for inexperienced developers. Translations in other languages are welcome too.
---
Mini App requirements:
• Design a simple yet functional app. For reference, see @DurgerKingBot or @wallet.
• Your solution should include at least one fully functional Mini App example. Example apps are allowed to showcase fictional services or generate placeholder data, such as creating a mock store.
• It is strictly prohibited to implement a browser view of actual webpages, the Mini App must be a separate entity built from scratch solely for its purpose. For example a "Weather App" submission that only provides a browser view for an existing weather website is not allowed. That said, actual webpages are allowed for authorization flows where a user is required to sign up or log in to use the service.
• Recommended Mini App categories include games, dating, community management, venue booking, e-commerce, сontent editing, etc.
• Each additional Mini App example can qualify for extra rewards, but only if it represents a different app category.
Evaluation Criteria:
We will evaluate each submission's code and documentation quality from the developer perspective, as well as its example Mini Apps from the user perspective. The app should be useful for developers, users, or both.
____
@ContestBot will begin accepting submissions at a later date. We will further clarify the submission instructions closer to the deadline.
https://www.eff.org/deeplinks/2023/07/fbi-seizure-mastodon-server-wakeup-call-fediverse-users-and-hosts-protect-their
@kalilinux
🔍Call for Testers: Help the Tor Project to test Conjure on Tor Browser Alpha!
We are thrilled to announce that Conjure, a new pluggable transport is now supported in the alpha version of Tor Browser for Desktop and Android. Conjure is an anti-censorship tool that uses refraction networking (aka decoy routing) that will help users to bypass censorship and connect to the Tor network. We need your help to test if Conjure works in regions that the Tor network is blocked.
Your feedback will help us identify issues with this new pluggable transport and ensure its reliability.
What is Conjure?
Conjure is an anti-censorship tool in the refraction networking (a.k.a. decoy routing) lineage of circumvention systems. The key innovation of Conjure is to turn the unused IP address space of deploying Internet Service Providers (ISPs) into a large pool of phantom proxies that users can connect to. Due to the size of unused IPv6 address space and the potential for collateral damage against real websites hosted by the deploying ISPs, Conjure provides an effective solution to the problem of censors enumerating deployed bridges or proxies.
# How to test Conjure
‼️ Important note on risk assessment
Please only download Tor Browser Alpha if you are okay with some things not working properly, want to help us find and report bugs, and are not putting yourself at risk. Be aware that testing a new pluggable transport may call attention of censors.
To participate in this testing program, please follow these steps:
💻 Desktop
1. Download and install the latest alpha version of Tor Browser for Desktop (make sure you have a backup of your existing browser setup).
https://www.torproject.org/download/alpha/
2. Open Tor Browser and navigate to the Connection preferences window. Or Click on "Configure Connection...".
Menu > Settings > Connection (about:preferences#connection)
3. Click on "Add a Bridge Manually". Copy and add the bridge line below in the field.
conjure 143.110.214.222:80 url=https://registration.refraction.network.global.prod.fastly.net/api front=cdn.sstatic.net
4. Click "OK" to close the bridge dialog. Finally, scroll up and click on "Connect".
5. If you see a purple screen "Test. Thoroughly." or if your Tor Browser Alpha was updated, you will see "Tor Browser has been updated”. Then, it means Conjure is working and you can use it for your browsing activities.
6. Take note of any issues, errors, or unexpected behavior you encounter while trying to connect to Tor using Conjure.
📱 Android
1. Download and install the latest alpha version of Tor Browser for Android.
2. When you run Tor Browser for the first time, you will see the option to connect directly to the Tor network, or to configure Tor Browser for your connection with the settings icon.
3. Tap on the settings icon. Tor Browser will take you through a series of configuration options. The first screen will tell you about the status of the Tor Network and provide you the option to configure a Bridge ('Config Bridge'). Tap on 'Config Bridge'.
4. Choose the "Provide a Bridge I know" option and then enter this bridge address:
conjure 143.110.214.222:80 url=https://registration.refraction.network.global.prod.fastly.net/api front=cdn.sstatic.net
5. Tap 'OK' and, if everything works well, it will connect.
📝 Submit your feedback
Submit your feedback and findings here on this topic or use Conjure Gitlab for technical reports. Include a clear description of the problem, your Tor logs, steps to reproduce it, and any relevant details.
By testing Conjure and reporting any issues, bugs, or suggestions, you will contribute significantly to refining its performance and optimizing its capabilities. Your participation will not only benefit the Tor community but also help advance the Internet freedom community.
https://forum.torproject.net/t/call-for-testers-help-the-tor-project-to-test-conjure-on-tor-browser-alpha/7815
In a surprising move, Japan’s government recently reaffirmed that it will not enforce copyrights on data used in AI training. The policy allows AI to use any data “regardless of whether it is for non-profit or commercial purposes, whether it is an act other than reproduction, or whether it is content obtained from illegal sites or otherwise.”
@Kalilinux
https://technomancers.ai/japan-goes-all-in-copyright-doesnt-apply-to-ai-training/
May 25 (Reuters) - Elon Musk's brain-implant company Neuralink on Thursday said the U.S. Food and Drug Administration (FDA) had given the green light to its first-in-human clinical trial, a critical milestone after earlier struggles to gain approval.
@Kalilinux
https://www.reuters.com/science/elon-musks-neuralink-gets-us-fda-approval-human-clinical-study-brain-implants-2023-05-25
Researchers have developed a point-based image manipulation system that uses generative artificial intelligence (AI) technology to allow users to precisely control the pose, shape, expression, and layout of objects. It’s like Photoshop’s Warp tool, but far more powerful. You’re not just smushing pixels around, but using AI to re-generate the underlying object. You can even rotate images as if they were 3D.
@Kalilinux
https://www.theverge.com/2023/5/19/23729633/ai-research-draggan-manipulate-images-click-and-drag
Google took a step toward to a “passwordless future.”
The search engine company announced on Tuesday -- the day before World Password Day -- that it's begun rolling out a new security tool that allows you to sign in to your Google accounts using a passkey instead -- no password required. Apple and Microsoft have also said they will embrace passwordless logins.
Passkeys are a type of login credential that removes the need for passwords. The authentication requires either biometric authentication -- such as a fingerprint or facial recognition -- or a PIN or swipe pattern for access.
https://blog.google/technology/safety-security/the-beginning-of-the-end-of-the-password/
@kalilinux
https://www.cnet.com/tech/services-and-software/no-more-passwords-how-to-sign-in-to-your-google-account-using-a-passkey/
Proton, the Geneva, Switzerland-based company behind the end-to-end encrypted email service Proton Mail, as well as Proton VPN, Proton Drive and Proton Calendar, is announcing a brand new product today. And it’s a password manager called Proton Pass.
Like other Proton products, the company is insisting on the privacy and security features of this new password manager. Everything you store in Proton Pass is end-to-end encrypted, including passwords (obviously), email addresses, URLs and notes.
@kalilinux
https://techcrunch.com/2023/04/20/proton-announces-proton-pass-a-password-manager/?guccounter=1
Eric Hughes published the magnificent Cypherpunk's Manifesto 30 years ago.
https://nakamotoinstitute.org/static/docs/cypherpunk-manifesto.txt
@kalilinux
❄️The team that runs the primary Tor Snowflake bridge is raising funds to pay for server operating expenses such as bandwidth, hardware, and maintenance.. You can help the project by donating to the project on Open Collective: https://opencollective.com/censorship-circumvention/projects/snowflake-daily-operations
Читать полностью…Slack discloses security breach, access to code repositories!
The company claims that "customers were not affected, no action is required, and the incident was quickly resolved." No downloaded repositories contained customer data, meaning perpetrators could not access user information or Slack's primary codebase.
https://cybernews.com/security/slack-admits-security-breach/
@kalilinux
The Right To Repair Bill that Louis Rossmann fought valiantly for, was just signed by Governor Hochul in NY. A bipartisan win for Americans that passed 147-2! But it was sabotaged by the Governor, rendering it effectively useless with one line of text.
The text in question:
This agreement eliminates the bill's original requirement calling for original equipment manufacturers to provide the public any passwords, security codes, or materials to override security features, and allows for original equipment manufacturers may provide assemblies of parts rather than individual components when the risk of improper installation heightens the risk of injury.
More on this with Louis Rossman himself:
https://www.youtube.com/watch?v=7xGBB-717AI
@kalilinux
Sorry, a bit late. but the day has come and Atom is officially discontinued.
Atom's founder, Nathan Sobo, has announced that he's building the "spiritual successor" to Atom, titled Zed. Unlike Atom, Zed will be written in Rust and will not be using the Electron framework.
read more..
@kalilinux