My Weekly RoundUp #98
What’s the most important news? Facebook’s Libra or Neon Genesis Evangelion on Netflix?
Malware sidesteps Google permissions policy with new 2FA bypass technique
When Google restricted the use of SMS and Call Log permissions in Android apps in March 2019, one of the positive effects was that credential-stealing apps lost the option to abuse these permissions for bypassing SMS-based two-factor authentication (2FA) mechanisms.
https://www.welivesecurity.com/2019/06/17/malware-google-permissions-2fa-bypass/
We have now discovered malicious apps capable of accessing one-time passwords (OTPs) in SMS 2FA messages without using SMS permissions, circumventing Google’s recent restrictions. As a bonus, this technique also works to obtain OTPs from some email-based 2FA systems.
Trend Micro recently discovered an Android crypto-currency mining botnet that can spread via open ADB (Android Debug Bridge) ports and Secure Shell (SSH)
Security researchers at Trend Micro have discovered a new Android crypto-currency mining botnet that spreads via open ADB (Android Debug Bridge) ports and Secure Shell (SSH).
https://securityaffairs.co/wordpress/87440/malware/bot-spreads-adb-ssh.html
The Android Debug Bridge (adb) is a command-line tool that allows developers to communicate with an Android device. The adb command facilitates a variety of device actions, such as installing and debugging apps, and it provides access to a Unix shell that you can use to run a variety of commands on a device.
What the latest iOS passcode hack means for you
A mobile device forensics company now says it can break into any Apple device running iOS 12.3 or below.
https://www.computerworld.com/article/3403385/what-the-latest-ios-passcode-hack-means-for-you.html#tk.rss_security
Israeli-based Cellebrite made the announcement on an updated webpage and through a tweet where it asserted it can unlock and extract data from all iOS and “high-end Android” devices.
On the webpage describing the capabilities of its Universal Forensic Extraction Device (UFED) Physical Analyzer, Cellebrite said it can “determine locks and perform a full file-system extraction on any iOS device, or a physical extraction or full file system (File-Based Encryption) extraction on many high-end Android devices, to get much more data than what is possible through logical extractions and other conventional means.”
Facebook Monitors Users’ Offline Behaviour
Facebook is now tracking its users’ offline activity to keep a log of suspected ‘hate agents’.
https://www.ehackingnews.com/2019/06/facebook-monitors-users-offline.html
A document, titled “Hate Agent Policy Review,” was obtained by Breitbart News, from a source inside Facebook. It outlines a series of rules and regulations that would determine if someone is a ‘hate agent’ or not.
The social media giant will monitor users’ activity on other websites and even their private lives, such as whether they have a ‘hate symbol’ tattoo or not.
Making a tiny .NET Core 3.0 entirely self-contained single executable
I’ve always been fascinated by making apps as small as possible, especially in the .NET space. No need to ship any files – or methods – that you don’t need, right? I’ve blogged about optimizations you can make in your Dockerfiles to make your .NET containerized apps small, as well as using the ILLink.Tasks linker from Mono to “tree trim” your apps to be as small as they can be.
https://www.hanselman.com/blog/MakingATinyNETCore30EntirelySelfcontainedSingleExecutable.aspx
Work is ongoing, but with .NET Core 3.0 preview 6, ILLink.Tasks is no longer supported and instead the Tree Trimming feature is built into .NET Core directly.
Reverse Engineering The Sound Blaster
The first sound card to output PCM audio — the kind you need for audio samples — wasn’t the Sound Blaster. The AdLib Music Synthesizer Card could output PCM audio over software. The AdLib card also cost $200 at the time of its release. This was too much for some, and in time the Creative Labs Sound Blaster was released for the rock-bottom price of $125. This was a more capable card, and in the years since prices on the used market have gone through the roof. In 1990, you could buy a Sound Blaster for a Benjamin and a half, in 2019, prices on eBay are reaching and exceeding $400.
https://hackaday.com/2019/06/19/reverse-engineering-the-sound-blaster/
With the prices of used cards so high, we start to get into the territory where it starts to make sense to reverse engineer and re-manufacture the entire card. This hasn’t been done before, but that’s no matter for [Eric Schlaepfer], or [@TubeTimeUS]; he’s done crazier projects before, and this one is no different.
Adobe developed a method for detecting facial manipulations made with…Adobe Photoshop
Adobe researchers Richard Zhang and Oliver Wang, along with their UC Berkeley collaborators, Sheng-Yu Wang, Dr. Andrew Owens, and Professor Alexei A. Efros, developed a method for detecting edits to images that were made using Photoshop’s Face Aware Liquify feature, sponsored by the DARPA MediFor program.
https://theblog.adobe.com/adobe-research-and-uc-berkeley-detecting-facial-manipulations-in-adobe-photoshop/
Facebook cryptocurrency: how Libra will change the way you spend money
Facebook has unveiled plans for a global cryptocurrency which the social networking giant hopes will provide an alternative to cash, credit cards and bank transfers.
https://www.telegraph.co.uk/technology/2019/06/18/facebook-unveils-libra-digital-currency-could-change-way-spend/
The Libra currency, which is expected to launch in the first half of next year, has been backed by 27 other companies and organisations, including Uber, Spotify, Mastercard, eBay and Vodafone.
Facebook’s New Cryptocurrency Libra: Not to be Confused with Libre
The long-speculated Facebook cryptocurrency is finally here! Libra!
https://privacyinternational.org/long-read/3021/facebooks-new-cryptocurrency-libra-not-be-confused-libre
Libra Association, an entity co-founded by Facebook, has announced the creation of a new cryptocurrency, Libra, “a simple global currency and financial infrastructure that empowers billions of people”.
The white paper that outlines the rationale for the new currency makes a number of heady statements, some which anyone who cares about rights should commend — and some which should be challenged.
Why Fans Are Annoyed by NEON GENESIS EVANGELION on Netflix
Neon Genesis Evangelion is one of the tentpoles of modern anime. It’s a staggering work of philosophical, ecclesiastical, and Freudian complexity all housed in a story of tweens forced to pilot advanced mecha suits to fight giant monsters called Angels. It’s creator Hideaki Anno’s total masterwork, and something fans have pored over since its debut in Japan in 1994.
https://nerdist.com/article/neon-genesis-evangelion-netflix-fans-annoyed/
That’s why the series’ inclusion on American Netflix—along with the pair of alternate ending movies, Death & Rebirth and The End of Evangelion—is so exciting. Or at least it should be. While the Netflix version of the long-out-of-print anime looks gorgeous, with high-definition remastering, a few changes have some sticklers confused. For decades now, the only way to see Evangelion in the States has been via old DVDs, so fans have grown to know those inside and out. The Netflix versions are different in a few very specific respects.
Neon Genesis Evangelion on Netflix erases iconic ‘Fly Me to the Moon’ outro
Netflix added the popular, mid-’90s anime series Neon Genesis Evangelion to its catalog Friday. Fans initially rejoiced about getting access to the shows, but that changed when they reached the end of the first episode.
https://www.cnet.com/news/neon-genesis-evangelion-on-netflix-removes-iconic-fly-me-to-the-moon-outro/
The streaming platform replaced “Fly Me to the Moon,” the song used during the credits of every episode of Neon Genesis Evangelion, with another piece of music from the show’s score: “Hostility Restrained.” The track was also replaced in certain scenes where it was used as background music. Netflix didn’t acquire the license for the song because of its price for global use, an unnamed source with knowledge of the production told The Wrap. The “Fly Me to the Moon” outro is available for those using Netflix in Japan.
Captain America’s Life With Peggy Carter After Endgame
Captain America’s Life After Endgame (Marvel Parody) A funny slice of life look at Cap and Peggy living through history together after Avengers: Endgame
Odom – Steve Rogers
Kelly Sparrman – Peggy “Agent” Carter (http://instagr.am/ksparr)
Written by Michael Adams Davis & Michael Schroeder
Directed by Michael Schroeder
Director of Photography Michael Schmidt
Edited by Chance Cole
Makeup by Ashley Aldridge
Produced by David Odom and Brian Fisher
Special Thanks to John Schroeder
A Warp Media LLC sketch comedy video production