Tag: internet

Hackers Can Silently Grab Your IP Through Skype — Microsoft Is In No Rush to Fix It

Hackers are able to grab a target’s IP address, potentially revealing their general physical location, by simply sending a link over the Skype mobile app. The target does not need to click the link or otherwise interact with the hacker beyond opening the message, according to a security researcher who demonstrated the issue and successfully discovered my IP address by using it.

Yossi, the independent security researcher who uncovered the vulnerability, reported the issue to Microsoft earlier this month, according to Yossi and a cache of emails and bug reports he shared with 404 Media. In those emails Microsoft said the issue does not require immediate servicing, and gave no indication that it plans to fix the security hole. Only after 404 Media contacted Microsoft for comment did the company say it would patch the issue in an upcoming update.

The attack could pose a serious risk to activists, political dissidents, journalists, those targeted by cybercriminals, and many more people. At minimum, an IP address can show what area of a city someone is in. An IP address can be even more revealing in a less densely populated area, because there are fewer people who could be associated with it.

“I think just about anybody could be harmed by this,” Cooper Quintin, a security researcher and senior public interest technologist at activist organization the Electronic Frontier Foundation (EFF), said when I explained the issue to him. Quintin said the major concern was “finding people’s location for physical escalations, and finding people’s IP address for digital escalations.”

To verify that the vulnerability has the impact that Yossi described, I asked him to test it out on me. To start, Yossi sent me a link via Skype text chat to google.com. The link was to the real Google site, and not an imposter.

I then opened Skype on an iPad and viewed the chat message. I didn’t even click the link. But very soon after, Yossi pasted my IP address into the chat. It was correct.

Keep reading

How a Well-Regarded Mac App Became a Trojan Horse

In the early days of macOS Mojave in 2018, Apple hadn’t offered users a way to automatically switch to dark and light mode at different times of the day. As usual, there were third-party developers eager to pick up the slack. One of the more well-regarded night mode apps to fix this issue was NightOwl, first released in the middle of 2018, a small app with a simple utility that could run in the background during day-to-day use.

With more official macOS features added in 2021 that enabled the “Night Shift” dark mode, the NightOwl app was left forlorn and forgotten on many older Macs. Few of those supposed tens of thousands of users likely noticed when the app they ran in the background of their older Macs was bought by another company, nor when earlier this year that company silently updated the dark mode app so that it hijacked their machines in order to send their IP data through a server network of affected computers, AKA a botnet.

After some users noted issues with the app after a June update, web developer Taylor Robinson discovered the problem ran deep, as the program redirected users’ computers’ connections without any notification. The real dark mode turned out to be the transformation of a respectable Mac app into a playground for data harvesters.

In an email with Gizmodo, Robinson broke down their own investigation into the app. They found that NightOwl installs a launcher that turns the users’ computer into a kind of botnet agent for data that’s sold to third parties. The updated 0.4.5.4 version of NightOwl, released June 13, runs a local HTTP proxy without users’ direct knowledge or consent, they said. The only hint NightOwl gives to users that something’s afoot is a consent notice after they hit the download button, saying the app uses Google Analytics for anonymized tracking and bugs. The botnet settings cannot be disabled through the app, and in order to remove the modifications made to a Mac, users need to run several commands in the Mac Terminal app to excise the vestiges of the code from their system, per Robinson.

It’s currently unclear how many users were affected by the seemingly malicious code, especially as NightOwl has since become unavailable on both the website and app store. The NightOwl site claims the app was downloaded more than 141,000 times, and that there were more than 27,000 active users on the app. Even if the app lost most of its users after Apple installed new Dark Mode software, there were potentially thousands of users running NightOwl on their old Macs.

Keep reading

Australia’s Misinfo Bill Paves Way for Soviet-Style Censorship

The Australian Government’s proposed new laws to crack down on misinformation and disinformation have drawn intense criticism for their potential to restrict free expression and political dissent, paving the way for a digital censorship regime reminiscent of Soviet Lysenkoism.

Under the draft legislation, the Australian Communications and Media Authority (ACMA) will gain considerable expanded regulatory powers to “combat misinformation and disinformation,” which ACMA says poses a “threat to the safety and wellbeing of Australians, as well as to our democracy, society and economy.”

Digital platforms will be required to share information with ACMA on demand, and to implement stronger systems and processes for handling of misinformation and disinformation.

ACMA will be empowered to devise and enforce digital codes with a “graduated set of tools” including infringement notices, remedial directions, injunctions and civil penalties, with fines of up to $550,000 (individuals) and $2.75 million (corporations). Criminal penalties, including imprisonment, may apply in extreme cases.

Controversially, the government will be exempt from the proposed laws, as will professional news outlets, meaning that ACMA will not compel platforms to police misinformation and disinformation disseminated by official government or news sources.

As the government and professional news outlets have been, and continue to be, a primary source of online misinformation and disinformation, it is unclear that the proposed laws will meaningfully reduce online misinformation and disinformation. Rather, the legislation will enable the proliferation of official narratives, whether true, false or misleading, while quashing the opportunity for dissenting narratives to compete.

Keep reading

A Ham-Handed Bill Attacks the First Amendment in the Name of Protecting Minors From Online Harm

Late last month, a Senate committee considered a 50-page bill with a name that includes the word kids and approved it unanimously. Those two facts alone are enough to raise the suspicion that legislators are heading down a winding road toward a destination they only dimly perceive.

That suspicion is amply supported by the text of the Kids Online Safety Act (KOSA), which ham-handedly aims to shield children and teenagers from vaguely defined dangers lurking on the internet. The unintended but foreseeable results are apt to include invasions of privacy that compromise First Amendment rights and a chilling impact on constitutionally protected speech, both of which will harm adults as well as the “kids” whom the bill is supposed to protect.

KOSA imposes an amorphous “duty of care” on platforms, online games, messaging applications, and streaming services, demanding “reasonable measures” to “protect” against and “mitigate” various “harms” to users younger than 17. The targeted dangers include anxiety, depression, suicide, eating disorders, substance abuse, “addiction-like behaviors,” physical violence, online bullying, harassment, sexual exploitation and abuse, “financial harms,” and promotion of “narcotic drugs,” tobacco products, alcohol, or gambling.

That’s a tall order, and it is not at all clear what meeting this obligation would entail. Nor is it clear when the duty of care applies.

As amended by the Senate Commerce Committee, KOSA applies to any “covered platform” that “knows” its users include minors. But no one knows what “knows” means.

In addition to “actual knowledge,” that condition can be satisfied by “knowledge fairly implied on the basis of objective circumstances.” KOSA directs the Federal Trade Commission (FTC), within 18 months of the bill’s passage, to issue “guidance” about how to understand the latter phrase.

That guidance, however, would not bind the FTC, which is charged with investigating and penalizing platforms that it thinks have violated KOSA. Nor would it constrain state attorneys general, who would be authorized to independently enforce KOSA through “civil actions.”

An earlier version of KOSA provoked criticism from civil libertarians who warned that it would effectively require platforms to verify users’ ages, which would entail collecting personal information. That was a clear threat to internet users of all ages who want to engage in speech without revealing their identities, a well-established First Amendment right.

In response to that concern, the latest version of KOSA revises the duty-of-care test and explicitly says it does not require “age gating or age verification.” But given the burdens the bill imposes and the uncertainty about what counts as “knowledge fairly implied,” platforms still would have a strong incentive to exclude minors or minimize the number of users who are younger than 17.

Keep reading

Democrat State Attorneys General File Brief In Support of Biden Censorship Power

In a move that underscores the unceasing tension between free speech and the control of information online, 20 Democratic state attorneys general have made appeals through federal court to restore their power in urging social media entities to censor user content.

Headlined by New York Attorney General Letitia James, the collective is adamant that federal court decisions are hindering their capability to prevent the circulation of misleading information.

July 4 saw US District Judge Terry Doughty issue a directive that greatly restrains government officials’ influence over social media moderation, after there was enough evidence already presented to show possible First Amendment violations.

Stemming from a lawsuit filed in May 2022 by Republican attorneys in Louisiana and Missouri, the verdict argued that both the presiding Biden administration had unjustly pressured social media platforms into suppressing posts perceived as potential triggers for vaccine hesitancy during the COVID-19 crisis or destabilizers for electoral processes.

This pursuit for moderation by government officials, the suit asserted, unjustly infringed upon the First Amendment right to free speech. In particular, these assertions were aimed at tech conglomerates like Meta’s Facebook and Google’s YouTube, accused of commencing the limitation of information dissemination allegedly deemed misleading circa 2019.

Currently held in suspension due to an appeal by the Biden administration, the order, should it be reactivated by the 5th Circuit, will prevent government departments, including the likes of the Department of Health and Human Services and the Federal Bureau of Investigation, from communication with social media companies for the removal or suppression of content considered as protected free speech under the First Amendment.

Keep reading

Senators Introduce Bipartisan Bill to Regulate Online Speech

Senators Elizabeth Warren (D-MA) and Lindsey Graham (R-SC) have introduced a bill to create a new federal government commission overseeing online communication. The legislation is presented as consumer protection but grants new government authorities to police speech on the internet. 

“For too long, giant tech companies have exploited consumers’ data, invaded Americans’ privacy, threatened our national security, and stomped out competition in our economy,” said Warren. “This bipartisan bill would create a new tech regulator and makes clear that reining in Big Tech platforms is a top priority on both sides of the aisle.”

“For years, I have been trying to find ways to empower consumers against Big Tech,” Graham claimed. “I have heard too many stories from families who feel helpless in the face of Big Tech. … The creation of a regulatory commission to oversee Big Tech is the first step in a long journey to protect American consumers from the massive power these companies currently wield.”

The bill will establish a Digital Consumer Protection Commission that will designate some websites as “dominant platforms.” It appears those sites will be in the crosshairs of the new commission as the legislation instructs the new agency “to intentionally avoid having the platform meet the qualifications for designation as a dominant platform.”

The “dominant platforms will be required to inform the government of their content moderation policies. The bill will require designated companies to “make publicly available, through clear and conspicuous disclosure, the dominant platform’s terms of service, which shall include the criteria the operator employs in content moderation practices.”

Keep reading

Sexy AI-generated influencers are silently swarming social media with fake names and backstories with one goal: Con desperate men

With the vast amount of filters and photo editing apps at users’ disposal, it can be hard to tell what’s real and fake on social media these days.

But a DailyMail.com probe has found a budding world of scantily-clad AI influencers who are conning desperate men out of money.

Earlier this week, a 19-year-old blonde bombshell known as Milla Sofia made headlines when it emerged she was artificially generated.

Since then, we’ve uncovered dozens of digital influencers on InstagramTikTok and Twitter who often have fake names and elaborate backstories, jobs and interests. AI-generated photos show them on fake vacations. 

These rising stars – who combined have hundreds of thousands of followers – are receiving admiration and cash from real men. 

Andrea is a brown-haired beauty with more than 30,000 followers on Twitter/X who comment on her lewd photos. She includes her PayPal account details in her bio and offers nude images for subscribers on Patreon.

Andrea’s Patreon offers plan options to chat with her, and for $300 a month, she will ‘basically be your online girlfriend.’ 

The human creators of these AI influencers are unknown faces on the web, only pushing out content to likely live a life they had only dreamed of. 

Milla Sofia is an aspiring fashion model with a portfolio of portraits showing her tanning in Bora Bora, taking in the views in Greece and working in a corporate office.

She has made headlines this week after Futurism uncovered her existence online. 

Some AI-generated personas, like Miquela Sousa, have been revealed to be marketing stunts that turned into gold mines.

Miquela starred in advertising campaigns for major brands such as Prada and Balenciaga, was interviewed by Vogue, and was named one of Time magazine’s 25 most influential people on the internet.

The forever 19-year-old is the brainchild of Trevor McFedries and Sara DeCou, founders of the fashion brand BRUD, who unleashed the AI teen in 2019.

At first, her creators liked to tease her followers and capitalize on the confusion. ‘Is she human?’ asked one perturbed Instagram user. ‘Why do you look like a doll?’ demanded another.

‘She’s some kind of cute mannequin,’ someone claimed. ‘It’s clearly a robot,’ stated another.

Eventually, fans were told the truth, or part of it at least. ‘I’m not a human being,’ Miquela confessed on her page. She said her ‘hands’ were shaking as she ‘wrote’ the post. 

Keep reading

ChatGPT’s Evil Twin “WormGPT” Is Silently Entering Emails And Raiding Banks

A malicious copy of OpenAI’s ChatGPT has been created by a bad actor and its aim is to take your money.

The evil AI is called WormGPT, and it was created by a hacker for sophisticated email phishing attacks.

Cybersecurity firm SlashNext confirmed the artificially intelligent language bot had been created purely for malicious purposes.

The firm explained in a report:

Our team recently gained access to a tool known as ‘WormGPT’ through a prominent online forum that’s often associated with cybercrime.

This tool presents itself as a blackhat alternative to GPT models, designed specifically for malicious activities.

The cyber experts experimented with WormGPT to see just how dangerous it could be.

They asked it to create phishing emails and found the results disturbing.

“The results were unsettling. WormGPT produced an email that was not only remarkably persuasive but also strategically cunning, showcasing its potential for sophisticated phishing and BEC attacks.

“In summary, it’s similar to ChatGPT but has no ethical boundaries or limitations,” the experts wrote.

SlashNext says WormGPT is an example of the threat that language-generative AI models pose.

Experts think the tool could be damaging even in the hands of a novice cybercriminal.

With AI like this out there, it’s best to be extra vigilant when it comes to checking your email inbox.

That especially applies to any email that asks for money, banking details, or other personal information.

Keep reading

It Begins: France to Shut Down Internet in “Certain” Neighborhoods to Prevent Use of Social Media to Organize Violence

The Minister of the Interior in France announced on Sunday the country will restrict internet access in “certain” neighborhoods as the violence continues across the country.

According to the Ministry of the Interior, the restrictions are meant to prevent the use of social media and other platforms to organize violent activities.

Via Midnight Rider and Zoomer Waffen.

France is planning a shutdown of the nation’s internet in an attempt to stop the world from seeing what invaders are doing to the nation.

In just the span of a few days, France has devolved into a middle eastern nation engulfed in war and its despot limiting news from reaching the outside world.

Keep reading

Software Engineer Imprisoned for Developing Application to Break China’s Internet Censorship

Two people, who were detained by Shanghai State Security Police in October 2021 for developing software that circumvents the Great Firewall, received six- and five-year prison sentences on June 12, 2023.

He Binggang and his fiancée Zhang Yibo, together with several others, were arrested on Oct. 9, 2021, for developing and maintaining software that helps people living in China to access overseas internet platforms, according to the Falun Dafa Infocenter.

The Chinese regime set up Great Firewall (GFW), or Golden Shield Project, in 1998, which is managed by the regime’s Ministry of Public Security to monitor and censor what can and cannot be seen in China through an online network.

He and Zhang are Falun Gong adherents, a spiritual practice that has been persecuted inside China since 1999 and has been the subject of intense political propaganda.

Falun Gong, also known as Falun Dafa, is a spiritual improvement practice based on principles of truthfulness, compassion, and forbearance, with five slow-moving, gentle exercises that have significant physical benefits. The practice has been very popular in China, with an estimated 70 million to 100 million practitioners in the country before the Chinese communist regime began to persecute the belief and its followers in July 1999.

He and Zhang had developed software called oGate that allows Chinese people to freely access websites and information available outside of China but which are blocked by the GFW and otherwise unavailable inside China.

A group of Chinese non-IT activists, including lawyers and journalists, launched BanGFW on March 8, 2023.

Keep reading