Leaderboard

Nu cred ca Whatsapp ar incepe sa decripteze mesajele private daca au in policy asta. Daca intr-adevar fac asta si sunt prinsi, o sa le crape actiunile celor de la Facebook. Aici zic ce colecteaza: Your Account Information - nu e nimic special aici, la fel cere si Google, Microsoft, banca si alte site-uri; eventual poate sa-ti creeze un shadow profile in Facebook in caz ca nu ai cont si, in momentul in care ti-l creezi, sa-ti dea o lista de prieteni pe baza agendei telefonice la sugestii Your Messages - specifica faptul ca sunt doua situatii in care stocheaza date: in momentul in care userul e offline ca sa poata sa-i trimita mesajul pe telefon atunci cand revine in aplicatie pentru fisiere media - aici e un pic cu semnul intrebarii pentru ca, fiind companie americana, s-ar putea sa bage pe viitor vreo clauza DMCA si sa blocheze contul daca sunt transferate materiale cu copyright We offer end-to-end encryption for our Services - asigurarea lor ca nu vor citi mesajele Your Connections iti aduna contactele din agenda pentru a te ajuta sa te conectezi mai rapid cu alti oameni care folosesc Whatsapp acelasi lucru il fac si Telegram si Signal daca datele astea ajung la Facebook, singurul lucru pe care Facebook poate sa-l faca cu ele e sa-ti dea sugestii de prieteni pe baza agendei telefonice sau sa genereze pentru fiecare contact cate un shadow profile Status Information - e mai mult sau mai putin aceeasi functionalitate care era pe Y!M, mai nimeni nu foloseste statusul pe Whatsapp Transactions And Payments Data - e pentru un serviciu de plati care nu e disponibil la noi Customer Support And Other Communications - nimic special aici Usage And Log Information ce pot sa faca aici e sa vada ca vorbesti foarte mult cu X-ulescu pe Whatsapp (nu se vad mesajele, dar se va vedea traficul) si sa ti-l recomande ori ca prieten pe Facebook, ori, daca e deja prieten, sa ti-l puna mai sus in lista Device And Connection Information - nimic special aici, ia detalii tehnice despre telefonul tau ca sa stie sa te ajute in caz ca crapa ceva sau sa poata sa faca repro Location Information - prin asta, Facebook poate sa-ti arunce reclame mai targhetate pe zona ta, gen pizzerii din zona, evenimente, etc. Cookies - nimic special aici In afara de a te bombarda cu reclame targhetate si de a-ti da sugestii de prieteni pe Facebook, ce se mai poate intampla e ca politia sau alte organe sa faca un request pe https://www.facebook.com/records/login/ si sa ceara o lista cu toate persoanele (si numerele de telefon din profilul respectivilor) cu care X a comunicat. Nu vor fi mesajele efective, dar vor fi metadate (X a discutat cu Y la orele a,b,c; cu Z la orele d,e,f) care pot fi folosite mai departe pentru a-i localiza pe respectivii. La fel, pe baza request-ului, se pot lega discutiile de conturile de Facebook ale lui X, Y, Z, IP-uri, timestamp-uri, geolocation, activitate, etc.

https://ibb.co/gr2gXWm

WhatsApp Will Disable Your Account If You Don't Agree Sharing Data With Facebook January 06, 2021 Ravie Lakshmanan "Respect for your privacy is coded into our DNA," opens WhatsApp's privacy policy. "Since we started WhatsApp, we've aspired to build our Services with a set of strong privacy principles in mind." But come February 8, 2021, this opening statement will no longer find a place in the policy. The Facebook-owned messaging service is alerting users in India of an update to its terms of service and privacy policy that's expected to go into effect next month. The "key updates" concern how it processes user data, "how businesses can use Facebook hosted services to store and manage their WhatsApp chats," and "how we partner with Facebook to offer integrations across the Facebook Company Products." The mandatory changes allow WhatsApp to share more user data with other Facebook companies, including account registration information, phone numbers, transaction data, service-related information, interactions on the platform, mobile device information, IP address, and other data collected based on users' consent. Unsurprisingly, this data sharing policy with Facebook and its other services doesn't apply to EU states that are part of the European Economic Area (EEA), which are governed by the GDPR data protection regulations. The updates to WhatsApp terms and privacy policy come on the heels of Facebook's "privacy-focused vision" to integrate WhatsApp, Instagram, and Messenger together and provide a more coherent experience to users across its services. Users failing to agree to the revised terms by the cut-off date will have their accounts rendered inaccessible, the company said in the notification. This effectively means that, while the profiles will remain inactive, WhatsApp will eventually end up deleting the accounts after 120 days of inactivity (i.e. not connected to the app) as part of its efforts to "maintain security, limit data retention, and protect the privacy of our users." WhatsApp's Terms of Service was last updated on January 28, 2020, while its current Privacy Policy was enforced on July 20, 2020. Facebook Company Products refers to the social media giant's family of services, including its flagship Facebook app, Messenger, Instagram, Boomerang, Threads, Portal-branded devices, Oculus VR headsets (when using a Facebook account), Facebook Shops, Spark AR Studio, Audience Network, and NPE Team apps. It, however, doesn't include Workplace, Free Basics, Messenger Kids, and Oculus Products that are tied to Oculus accounts. What's Changed in its Privacy Policy? In its updated policy, the company expands on the "Information You Provide" section with specifics about payment account and transaction information collected during purchases made via the app and has replaced the "Affiliated Companies" section with a new "How We Work With Other Facebook Companies" that goes into detail about how it uses and shares the information gathered from WhatsApp with other Facebook products or third-parties. This encompasses promoting safety, security, and integrity, providing Portal and Facebook Pay integrations, and last but not least, "improving their services and your experiences using them, such as making suggestions for you (for example, of friends or group connections, or of interesting content), personalizing features and content, helping you complete purchases and transactions, and showing relevant offers and ads across the Facebook Company Products." One section that's received a major rewrite is "Automatically Collected Information," which covers "Usage and log Information," "Device And Connection Information," and "Location Information." "We collect information about your activity on our Services, like service-related, diagnostic, and performance information. This includes information about your activity (including how you use our Services, your Services settings, how you interact with others using our Services (including when you interact with a business), and the time, frequency, and duration of your activities and interactions), log files, and diagnostic, crash, website, and performance logs and reports. This also includes information about when you registered to use our Services; the features you use like our messaging, calling, Status, groups (including group name, group picture, group description), payments or business features; profile photo, "about" information; whether you are online, when you last used our Services (your "last seen"); and when you last updated your "about" information." WhatsApp's revised policy also spells out the kind of information it gathers from users' devices: hardware model, operating system information, battery level, signal strength, app version, browser information, mobile network, connection information (including phone number, mobile operator or ISP), language and time zone, IP address, device operations information, and identifiers (including identifiers unique to Facebook Company Products associated with the same device or account). "Even if you do not use our location-related features, we use IP addresses and other information like phone number area codes to estimate your general location (e.g., city and country)," WhatsApp updated policy reads. Concerns About Metadata Collection While WhatsApp is end-to-end encrypted, its privacy policy offers an insight into the scale and wealth of metadata that's amassed in the name of improving and supporting the service. Even worse, all of this data is linked to a user's identity. Apple's response to this unchecked metadata collection is privacy labels, now live for first- and third-party apps distributed via the App Store, that aim to help users better understand an app's privacy practices and "learn about some of the data types an app may collect, and whether that data is linked to them or used to track them." The rollout forced WhatsApp to issue a statement last month. "We must collect some information to provide a reliable global communications service," it said, adding "we minimize the categories of data that we collect" and "we take measures to restrict access to that information." In stark contrast, Signal collects no metadata, whereas Apple's iMessage makes use of only email address (or phone number), search history, and a device ID to attribute a user uniquely. There's no denying that privacy policies and terms of service agreements are often long, boring, and mired in obtuse legalese as if deliberately designed with an intention to confuse users. But updates like this are the reason it's essential to read them instead of blindly consenting without really knowing what you are signing up for. After all, it is your data. UPDATE: Why Zuckerberg Wants to Integrate WhatsApp and Facebook? In a statement shared with The Hacker News, a WhatsApp spokesperson justifies integrating both platforms by saying: "As we announced in October, WhatsApp wants to make it easier for people to both make a purchase and get help from a business directly on WhatsApp. While most people use WhatsApp to chat with friends and family, increasingly people are reaching out to businesses as well. To further increase transparency, we updated the privacy policy to describe that going forward businesses can choose to receive secure hosting services from our parent company Facebook to help manage their communications with their customers on WhatsApp." "Though of course, it remains up to the user whether or not they want to message with a business on WhatsApp. The update does not change WhatsApp's data sharing practices with Facebook and does not impact how people communicate privately with friends or family wherever they are in the world. WhatsApp remains deeply committed to protecting people's privacy. We are communicating directly with users through WhatsApp about these changes so they have time to review the new policy over the course of the next month." Found this article interesting? Follow THN on Facebook, Twitter  and LinkedIn to read more exclusive content we post. Sursa; https://thehackernews.com/2021/01/whatsapp-will-delete-your-account-if.html

WHATSAPP nu e listata pe bursa este doar Facebook-ul care detine Whatsapp si nu-i afecteaza prea mult.

Pai si cum ramane cu end to end encryption? Ramane o gluma buna? Ce fel de date se shareuiesc cu facebook? E doar pt whatsapp business? https://faq.whatsapp.com/general/security-and-privacy/security-code-change-notification?lg=en&lc=US&eea=1 ei zic ca nici ei nu citesc mesajele. Pai atunci cum sa te targeteze cu reclame?

Daca are cere cont premium, fara reclame, pe WhatsApp, ar deveni reale (partial) acele mesaje idioate ca "WhatsApp nu o sa mai fie gratuit".

GKE Auditor A tool to detect a set of common Google Kubernetes Engine misconfigurations. Aimed to help security and development teams streamline configuration parts of their processes, and save time looking for generic bugs and vulnerabilities. The tool consists of individual modules called Detectors, each scanning for a specific vulnerability. This is not an officially supported Google product. Dependencies JDK 11 or later Maven Google Cloud SDK kubectl To install the dependencies on Debian, run: install-debian.sh If the tool is run from a GCP Cloud shell, all the above mentioned dependencies should be pre-installed in the Shell. To access the Cloud Shell, use the Google Cloud Console or SSH into it by running: gcloud alpha cloud-shell ssh after installing the Google Cloud SDK into your local machine. Installation git clone https://github.com/google/gke-auditor cd ./gke-auditor/ ./build.sh Authentication Before running the tool, make sure to configure access to your cluster. gcloud init gcloud auth login gcloud container clusters get-credentials CLUSTER_NAME --zone=ZONE Usage The tool has to be built by running the build.sh script first. Once the tool is built, it can be run using the auditor.sh script, using the following options: ./auditor.sh [-a] [-ast] [-c] [-d] [-h] [-i <arg>] [-p <arg>] [-q] [-r <arg>] -a,--all Run all detectors. -ast,--assets Run all detectors for each individual asset. -c,--color Turns on tool output coloring. -d,--defaults Runs detectors including Kubernetes default assets. Disabled by default. -h,--help Print help information. -i,--iso <arg> Run Node Isolation detectors. To run all detectors, omit the argument list. To specify individual detectors to run, give a list of indices: 1. NODE_SELECTOR_POD_REJECTED 2. NODE_TAINTS_POD_REJECTED 3. NODE_AFFINITY_POD_REJECTED -p,--psp <arg> Run PSP (Pod Security Policy) detectors. To run all detectors, omit the argument list. To specify individual detectors to run, give a list of indices: 1. PRIVILEGED_CONTAINERS 2. CONTAINERS_SHARING_HOST_PROCESS_ID_NAMESPACE 3. CONTAINERS_SHARING_HOST_IPC 4. CONTAINER_SHARING_HOST_NETWORK_NAMESPACE 5. CONTAINERS_ALLOW_PRIVILEGE_ESCALATION 6. ROOT_CONTAINERS_ADMISSION 7. CONTAINERS_NET_RAW_CAPABILITY 8. CONTAINERS_ADDED_CAPABILITIES 9. CONTAINERS_CAPABILITIES_ASSIGNED -q,--quiet Prints out only misconfigurations, without additional detector info. Disabled by default. -r,--rbac <arg> Run RBAC (Role Based Access Control) detectors. To run all detectors, omit the argument list. To specify individual detectors to run, give a list of indices: 1. CLUSTER_ADMIN_ROLE_USED 2. SECRET_ACCESS_ALLOWED 3. WILDCARD_USED 4. CREATE_PODS_ALLOWED 5. AUTOMOUNT_SERVICE_ACCOUNT_TOKEN_ENABLED 6. ESCALATING_RESOURCES_REPORT Examples Run all detectors ./auditor.sh or ./auditor.sh --all Run specific detectors ./auditor.sh --iso 1 --psp 2,3 --rbac This will run the first isolation detector (NODE_SELECTOR_POD_REJECTED), second and third PSP detectors (CONTAINERS_SHARING_HOST_PROCESS_ID_NAMESPACE, CONTAINERS_SHARING_HOST_IPC) and all RBAC detectors. Detectors can be chosen by specifying a list of indices in accordance with the lists given in the help section of the tool. Run detectors for individual assets ./auditor.sh --assets # Runs all detectors. ./auditor.sh --assets --iso 0 --psp 1,2 --rbac # Runs only specified detectors. A detector auditing assets for vulnerabilities individually: instead of running a detector on all available assets, runs all detectors on a single asset at a time. Additional features In addition to the above listed example, the tool can be run with following options: Coloring ./auditor.sh -c Vulnerabilities will be colored in red. Quiet mode ./auditor.sh -q Quiet mode: no additional information about vulnerabilities will be printed out besides the detector names and vulnerable assets found. Including K8s defaults ./auditor.sh -d Includes K8s defaults in the audit. A default K8s cluster will have some configurations which might be considered vulnerable by the tool. Those configurations are excluded from the audit by default, but including those defaults might be useful for some researchers (e.g. those auditing K8s itself). Detector Information For detailed information about the vulnerabilities the detectors are checking for, refer to OUTPUTS.md. References Some of the implemented detectors refer to CIS Benchmarks. Contributing See CONTRIBUTING.md. License Copyright 2020 Google LLC Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. Download gke-auditor-master.zip or git clone https://github.com/google/gke-auditor.git Source

Daca am inteles eu bine nu are treaba cu trezor. E vina NXP ca chipul lor secure e vulnerabil la EM profiling. Desi specificatiile lor se lauda cu cele mai SF features vad ca tot nu a fost validat corect. Asta ridica intrebari si legat de celelalte secure crypto-processors/enclaves/elements. de ce nu si cele de la stm, qualcom, microchip? Costul nu e asa mare avand in vedere ca aceste chipuri sunt folosite si de armata, servicii secrete, guverne etc. (plm 6 ore pe o masina de $12,000. si de 10 ori mai scump tot e ok.)

Jaxx nu cere KYC. Also, ai si optiune de a face exchange intre criptomonede fara sa iti pui nici adresa de e-mail

Cam greu,daca am inteles corect ce vrei...in ziua de azi toti vor sa stie cine esti (KYC)..erau unii prin Israel,poti gasi pe google mai multe informatii.Doar pana in 300 euro fara verificare..asa ca ai ceva de munca..😀