General

general@lists.hackerspace.pl

1059 discussions

Fwd: Meet the iMarker, Russian targeted ad service which analyze your traffic on ISP side
by rysiek 09 Jan '15

09 Jan '15

Intredasting... ---------- Treść przekazywanej wiadomości ---------- Temat: Meet the iMarker, Russian targeted ad service which analyze your traffic on ISP side Data: czwartek, 8 stycznia 2015, 20:45:13 How it works? ISPs install the iMarker equipment and mirror all user's traffic on it (Russian surveillance system, SORM, works the same way). Software takes time, URL and HTTP Headers from HTTP requests. Then scraper with IP 92.242.35.54 and User-Agent WebIndex follow every visited URL and analyze its content. All this information used to build a profile for user. They says that information is removed right after analysis, and software saves only result of that analysis. Their website lists that they categorize users by search queries, online shopping activity, time of visits, activity on social networks, keywords on visited pages, visited websites, social-demographic info, such as sex, age, marital status, and education level, and then they use that data to distribute users for consumers groups. Every user has some kind of pseudonymous ID with linked profile. It's also has an opt-out option http://www.imrk.net/status How many users affected? They says it's 38 million people all over Russia. Minister of Communication Nikolay Nikiforov said in 2014 there was 62 million people in Russia using Internet, 56m of them do it every day, so it's 61% of Russian Internet users. iMarker's website list Akado, Rostelecom, ER-Telecom, NetByNet, Qwerty, and TTK as ISPs that installed iMarker's equipment. How to check if this affects you? If you are a client of Russian ISP, you can check it here http://imarker.valdikss.org.ru If you own a webserver, grep the logs for connections from 92.242.35.54. How do check script works? It generate a random link and wait for 3 seconds for connection from iMarker's IP address. How long iMarker works? Company start work on January 2010, commercial sells started on August 2011. http://imarker.valdikss.org.ru/ — script that checks if your ISP use iMarker http://www.vedomosti.ru/tech/news/15669231/bolshoj-reklamnyj-brat — report on iMarker from 2013, says they are ready to provide free DPI to ISPs in exchange of user's data (Russian) http://sporaw.livejournal.com/347832.html — blog post quoting private mails from iMarker's crew (Russian) http://www.imrk.net/privacy — TOS (Russian) http://habrahabr.ru/post/247465/ — blog post about iMarker (Russian) http://www.imarker.ru/ — iMarker website (Russian) http://www.imrk.net/status — opt-out page (Russian) http://minsvyaz.ru/ru/news/index.php?id_4=44571 — Nikiforov's statement on number of Russian Internet users (Russian) -- https://nesterov.pw GPG key: 0CE8 65F1 9043 2B11 25A5 74A7 1187 6869 67AA 56E4 https://keybase.io/komachi/key.asc ----------------------------------------- -- Pozdrawiam, Michał "rysiek" Woźniak Zmieniam klucz GPG :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147

1 0

Microsoft patch batch pre-alerts now for paying customers ONLY
by rysiek 09 Jan '15

09 Jan '15

Welp, prosz: http://www.theregister.co.uk/2015/01/09/ms_restricts_security_pre_alerts/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Microsoft is facing fierce criticism over its decision to make pre- notification of upcoming patches available only to paid subscribers. The Advance Notification Service (ANS) formerly made information on upcoming software patches available to the public but from now on the information will be restricted to “premier” customers and some other select partners. Chris Betz, senior director of the Microsoft Security Response Center, explained in a blog post that Microsoft was restricting distribution of the patching pre-alert out of a desire to reduce "clutter". Betz argued that the security heads-up notice was no longer of much utility to the majority of its customers. We are making changes to how we distribute ANS to customers. Moving forward, we will provide ANS information directly to Premier customers and current organisations involved in our security programs, and will no longer make this information broadly available through a blog post and web page. ANS has always been optimized for large organizations. However, customer feedback indicates that many of our large customers no longer use ANS in the same way they did in the past due to optimised testing and deployment methodologies. While some customers still rely on ANS, the vast majority wait for Update Tuesday, or take no action, allowing updates to occur automatically. More and more customers today are seeking to cut through the clutter and obtain security information tailored to their organizations. Rather than using ANS to help plan security update deployments, customers are increasingly turning to Microsoft Update and security update management tools such as Windows Server Update Service to help organize and prioritize deployment. Customers are also moving to cloud-based systems, which provide continuous updating. Jon Rudolph, principal software engineer at Core Security, argued that rather than "just cutting through the clutter", Microsoft is "hiding their security report card from the general public". "The vulnerabilities teach us something every month about software, security, mistaken assumptions, and the quality of the product, and (indirectly) threats, whether we currently use that product or not," said Rudolph. "It would appear the list is still available for a price, and by encouraging users toward the new myBulletins, Microsoft takes some control away from the users on this transition." Ross Barrett, senior manager of security engineering at Rapid7, the developers of the Metasploit penetration testing tool, is even more critical. “This is an assault on IT and IT security teams everywhere," Barrett commented. "Making this change without any lead-up time is simply oblivious to the impact this will have in the real world. Microsoft is basically going back to a message of 'just blindly trust' that we will patch everything for you. Honestly, it's shocking.” In the absence of a published pre-alert, we don't know what patches or how many will appear on the first Patch Tuesday of 2015, which is due to drop on 13 January. Whether or not there will be a patch to address a local privilege escalation vulnerability in Windows 8.1 discovered by Google and published in late December is one key point of interest for next week, as noted in a blog post by Wolfgang Kandek, CTO of Qualys, here. ® - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -- Pozdrawiam, Michał "rysiek" Woźniak Zmieniam klucz GPG :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147

1 0

Nowy VMM - novm
by Robert Sebastian Gerus 08 Jan '15

08 Jan '15

https://github.com/google/novm -- iNsanity!

5 25

Let's Encrypt
by viq 08 Jan '15

08 Jan '15

Darmowe CA od Mozilli, Google, EFF https://letsencrypt.org/ -- viq

15 37

ProtoCycler
by rysiek 08 Jan '15

08 Jan '15

Joł, widzieli? https://www.indiegogo.com/projects/protocycler-free-sustainable-3d-printer-… -- Pozdrawiam, Michał "rysiek" Woźniak Zmieniam klucz GPG :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147

6 7

Szukta azjatycka z instytutu Smithsonianskiego
by Robert Sebastian Gerus 05 Jan '15

05 Jan '15

http://www.asia.si.edu/collections/edan/default.cfm -- iNsanity!

1 0

R we going there or R we just here & now?
by Daj Nóż 03 Jan '15

03 Jan '15

już tam tu jesteśmy czy jeszcze coś nam zostało ? https://medium.com/@hansdezwart/ai-weiwei-is-living-in-our-future-474e5dd15… pozdro

5 6

CTF
by rysiek 02 Jan '15

02 Jan '15

Panowie, co to wiecie, że to o Was chodzi. Może byście się pochwalili, eh? ;) -- Pozdrawiam, Michał "rysiek" Woźniak Zmieniam klucz GPG :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147

2 2

Linear dual axis stepper motor
by spin＠hackerspace.pl 02 Jan '15

02 Jan '15

http://www.ebmia.pl/pliki/dodatkowe/katalog%20baldor%20_1409049822.pdf stona 42 Aktuator liniowy dwuosiowy (xy), wydaje się rozwiniętym na płasko stepperem. Wygląda jak mega fajna sprawa. Ktoś wie jak to jest zbudowane, lub cokolwiek więcej o tym urządzeniu, ew. podobnych?

4 10

korekta dziennikarska - hakerzy -
by Daj Nóż 01 Jan '15

01 Jan '15

co sie z tym robi? http://tvn24bis.pl/ze-swiata,75/miniony-rok-nalezal-do-hakerow-a-w-2015-r-c…

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

General