May 25, 2017

Data Knightmare

DataKnightmare 1x31 - Data Grab: qualcosa si muove

Several unexpected developments: Facebook fined by the European Commission, the British wanting to get to the bottom of the Google DeepMind data grab and, incredibly!, in Italy a parliamentary question asking Health Minister Lorenzin for clarification on the mother of all data grabs: Renzi's promise to IBM Watson Health of the health data of 60 million Italians. Something is moving...

by Runtime Radio

May 24, 2017

Informatic school is in southwest Cameroon

Microscopy and Microanalysis

DIY Microscope and Microanalysis

A workshop on Microscopy and Microanalysis organized by the Association of Linux Friends in partnership with L’association pour la promotion de la science ouverte en Haiti et en Afrique (APSOHA), http://www.projetsoha.org/?page_id=1616. The workshop took place on Friday 19 May 2017 at the campus of the Association of Linux Friends. The aims of the workshop were as follows:

-To work for the democratization of digital technology;
-To promote citizen science;
-To encourage the adoption of free educational resources;
-To support universities towards the adoption of open scientific practices and policies;

Thirty young people were present.

by admin

May 20, 2017

Evgeny Morozov

Why do we need 'accidental heroes' to deal with global cyber-attacks? | Evgeny Morozov

Big tech firms say they are the only providers of large cybersecurity services – even as their products are compromised. The conflict of interest is huge

To appreciate the perversity of our reliance on US technology giants, you just need to grapple with the fact that one of the likely winners in the global “cyber-outage” – caused by the series of crippling cyber-attacks that hit public and private institutions worldwide a week ago – might be the very company whose software was compromised – Microsoft.

The WannaCry ransomware used in the attack wreaked havoc on organisations including FedEx and Telefónica, as well as the NHS, where operations were cancelled, x-rays, test results and patient records became unavailable and phones did not work. In the end the global spread of the attack was halted by an “accidental hero”, a 22-year-old IT security blogger from Ilfracombe, Devon. Marcus Hutchins found and inadvertently activated a “kill switch” in the malware by registering a specific domain name hidden within the program.

by Evgeny Morozov

May 19, 2017

Trasformatorio

Trasformatorio 2017 – Cristiano Siri

Uphill. An almost abandoned village, the legend of a glorious woman, the human condition. “Uphill” is the result of an exploration of the intersections and the resonating pattern among these elements. Scaletta Zanclea, Macalda, us. We are born, and we often struggle with what we find out there waiting for us. We are depicted in […]

by fredd

videogame confessional forum

jon-paul dyson // chris bensch

Super Mario Bros. Call of Duty Grand Theft Auto Skylanders Disney Infinity Dark Tower Lego Dimensions One Night Johann Sebastian Joust Bejeweled World of Warcraft Minecraft

by david wolinsky

Vlax

velvets

The Blender Velvets are a set of glamorous plugins that make Blender one of the most powerful free video editors.

This and much more at the Blender video-editing workshop we are organizing at CoAA TV.

20 March at 12:00 at the Rancho Electrónico

#workshop #video #blender #freesoftware #freeaudiovisual #freeculture #freemedia #selfmanagement

May 17, 2017

Trasformatorio

Trasformatorio 2017 – Matthew Re-Harmony

Sounds without images. Not necessary. Matthew is an artist. He plays many different instruments, to heal, to reach out, to break the distances between people. In Trasformatorio he shone in many different ways. I see him on Mount Etna, in his rainbow jacket, with a wooden casket he carried the whole way […]

by fredd

May 16, 2017

Trasformatorio

Trasformatorio 2017 – Francesco Franchina

Memory Distilled – Trasformatorio 2017 Project. Memory Distilled is a Python script that extracts the most used words from a text and places them into a shaped word cloud. The concept behind: this project was born within the artistic residency of Trasformatorio 2017, in which I was honored to take part. The main idea was […]

by fredd

May 15, 2017

Trasformatorio

Trasformatorio 2017 – Irene

“An ordinary day in my life, by Macalda.” Storyboard synopsis: conceptual storytelling based on a local legend lost in time, using photography and slow-motion animation, narrative and digital interaction. The legend of Macalda of Scaletta presents the ordinary life of a living ghost in a contemporary reality, moving freely around the […]

by fredd

May 11, 2017

Il Pianista

How my car insurance exposed my position

As many car insurance companies do, mine provides a satellite tracking device that is installed in your car and reports its location at any time, anywhere.

With the device installed, the insurer profiles your driving, of course, but it can also help the police find your car if it gets stolen, and you will probably get a nice discount on the premium (even up to 40%!). Long story short: I got one.

Such companies often also provide a smartphone “App” to track your car when you are away, or to monitor your partner… mine (the company!) does.

So I downloaded the company’s Android application, but unluckily it needs Google Play Services to run. I am a FOSS evangelist and, as such, I try to use only FOSS apps, without gapps.

Luckily I’m also a developer and, as such, I tend to write the applications I need most; so I pointed mitmproxy at the App and started analyzing the APIs it uses, in order to write my own client.

Authentication

As soon as the App starts you need to authenticate yourself to enable the buttons that allow you to track your car. Fair enough.

The authentication form first asks for your taxpayer code; I entered mine, and under the hood the App performs the following request:

curl -X POST -d 'BLUCS§<taxpayers_code>§-1' http://<domain>/BICServices/BICService.svc/restpostcheckpicf<company>

The Web service replies with a cell phone number (WTF?):

2§<international_calling_code>§<cell_phone_number>§-1

Wait. What do we see already? Besides the ugliest formatting ever and the fact that the request goes over plain HTTP, it takes only three arguments to obtain a cell phone number, and the first and the last are constants. In fact, if we send a non-existent taxpayer code while keeping the same constants, we get:

-1§<international_calling_code>§§-100%

…otherwise we get the cell phone number associated with the given taxpayer code!

I banged my head on the desk and continued the authentication flow.

Next, the App asks me to confirm that the cell phone number it retrieved is still valid, and it also wants the password I received by mail when I subscribed to the insurance; OK, let’s proceed:

curl -X POST -d 'BLUCS§<taxpayers_code>§<device_imei>§<android_id>§<device_brand>-<device_model>_unknown-<api_platform>-<os_version>-<device_code>§<cell_phone_number>§2§<password>§§-1' http://<domain>/BICServices/BICService.svc/restpostsmartphoneactivation<company>

The Web service responds with:

0§<some_code>§<my_full_name>

The some_code value changes every time, so it seems to act as a “registration id”; after this step the App unlocked the button to track my car.

I was already puzzled at this point: how will authentication work from here on? Will every request need this some_code together with my password? Or maybe my taxpayer code?

Car tracking

I started implementing the car tracking feature, which retrieves the last 20 positions of your car, so let’s analyze the request made by the App:

curl -X POST -d 'ASS_NEW§<car_license>§2§-1' http://<domain>/BICServices/BICService.svc/restpostlastnpositions<company>

The Web service responds with:

0§20§<another_code>§DD/MM/YYYY HH:mm:SS#<latitude>#<longitude>#0#1#1#1-<country>-<state>-<city>-<street>§DD/MM/YYYY HH:mm:SS#<latitude>#<longitude>#0#1#1#1-<country>-<state>-<city>-<street>§… (one such record for each of the 20 positions)

WTH?!? No header?!? No cookie?!? No authentication parameters?!?

Yes, your guess is right: you just need a license plate and you get its last 20 positions. And what is that another_code? I just noted it down for the moment.

It couldn’t be real. At first I thought (hoped) they had stored my IP address during activation, so that only I was now authorized to get this data; let’s try from a VPN… oh damn, it worked.

Then I tried with a non-existent license plate and got:

-2§TARGA NON ASSOCIATA%

which means “plate not associated”, i.e. that license plate is not in their database.

So what could we get here with the help of crunch (a wordlist generator)? Easy enough: the list of license plates covered by this company, and the last 20 positions of each one.
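As an added example (not the author's client, nor the company's code), here is a small Python parser for the two reply formats shown above: the restpostcheckpicf reply in the Authentication section and the restpostlastnpositions reply here. It handles the success shape and both error shapes (-1§…§§-100% and -2§TARGA NON ASSOCIATA%). The sample replies at the bottom are constructed from the placeholders in the post, with two positions instead of twenty; the coordinates and addresses are made up.

```python
"""Parser for the '§'-delimited replies of the telematics Web service
described above (restpostcheckpicf and restpostlastnpositions).
Added example: not the author's client nor the company's code; the sample
replies at the bottom are constructed from the shapes shown in the post."""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

SEP = "§"       # field separator used by the service
POS_SEP = "#"   # separator inside a single position record


class ServiceError(Exception):
    """Raised when the leading status field is not a success code."""


@dataclass
class Position:
    when: datetime
    lat: float
    lon: float
    address: str  # "<country>-<state>-<city>-<street>" as sent by the service


def split_fields(body: str) -> List[str]:
    # Error replies carry a trailing '%' that is not part of the data.
    return body.rstrip("%").split(SEP)


def parse_check_pi(body: str) -> Optional[str]:
    """restpostcheckpicf: '2§<cc>§<phone>§-1' for a known taxpayer code,
    '-1§<cc>§§-100%' for an unknown one. Returns '+<cc><phone>' or None."""
    fields = split_fields(body)
    if fields[0] != "2" or len(fields) < 3 or not fields[2]:
        return None
    return "+" + fields[1] + fields[2]


def parse_position(record: str) -> Position:
    # 'DD/MM/YYYY HH:mm:SS#<lat>#<lon>#0#1#1#1-<country>-<state>-<city>-<street>'
    # The last '#'-field is a flag glued to the address by the first '-'.
    ts, lat, lon, *rest = record.split(POS_SEP)
    tail = rest[-1] if rest else ""
    address = tail.split("-", 1)[1] if "-" in tail else ""
    return Position(datetime.strptime(ts, "%d/%m/%Y %H:%M:%S"),
                    float(lat), float(lon), address)


def parse_last_positions(body: str) -> Tuple[str, List[Position]]:
    """restpostlastnpositions: '0§<n>§<code>§<pos>§<pos>…' on success,
    '-2§TARGA NON ASSOCIATA%' for an unknown plate.
    Returns (<another_code>, positions)."""
    fields = split_fields(body)
    status = int(fields[0])
    if status != 0:
        detail = fields[1] if len(fields) > 1 else ""
        raise ServiceError(f"status {status}: {detail}")
    count, code, records = int(fields[1]), fields[2], fields[3:]
    if len(records) != count:
        raise ServiceError(f"announced {count} positions, got {len(records)}")
    return code, [parse_position(r) for r in records]


# Constructed sample replies (two positions instead of twenty; values made up).
SAMPLE_OK = SEP.join([
    "0", "2", "123456",
    "19/05/2017 08:30:00#38.1938#15.5540#0#1#1#1-IT-Sicilia-Messina-Via Roma",
    "19/05/2017 18:05:12#38.1157#13.3615#0#1#1#1-IT-Sicilia-Palermo-Via Maqueda",
])
SAMPLE_UNKNOWN_PLATE = "-2§TARGA NON ASSOCIATA%"

if __name__ == "__main__":
    code, positions = parse_last_positions(SAMPLE_OK)
    print("another_code:", code)
    for p in positions:
        print(p.when.isoformat(), p.lat, p.lon, p.address)
    try:
        parse_last_positions(SAMPLE_UNKNOWN_PLATE)
    except ServiceError as e:
        print("error:", e)
```

The parser deliberately checks the announced count against the records actually received and treats any non-zero status as an error, so a client built on it cannot mistake an error string for a position.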

I couldn’t stop now.

The Web client

The insurance company also provides a Web client that permits more operations, so I logged in to analyze its requests. It is hosted on a different domain and sends a cookie with almost every request, but it performs one single request to the domain I had previously looked at, which isn’t authenticated and got my attention:

curl http://<domain>/<company>/(S(<uuid>))/NewRemoteAuthentication.aspx?RUOLO=CL&ID=<another_code>&TARGA=<car_license>&CONTRATTO=<foo>&VOUCHER=<bar>

This one replies with an HTML page that is shown in the Web client:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
<HTML>
<HEAD>
    <title>NewRemoteAuthentication</title>
    <meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1" />
    <meta name="CODE_LANGUAGE" Content="C#" />
    <meta name="vs_defaultClientScript" content="JavaScript"/>
    <meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie7" />
        <!--<meta content="IE=EmulateIE10" name="ie_compatibility" http-equiv="X-UA-Compatible" />-->
        <meta name="ie_compatibility" http-equiv="X-UA-Compatible" content="IE=7, IE=8, IE=EmulateIE9, IE=10, IE=11" />
</HEAD>
    <body>
    <form name="Form1" method="post" action="/<company>/(S(<uuid>))/NewRemoteAuthentication.aspx?RUOLO=CL&amp;ID=<another_code>&amp;TARGA=<car_license>" id="Form1">
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwULLTIwNzEwODIsJFNAgEPKAJDIeBsdSpc2libGVnZGRic5McHC9+DqRx0H+jRt5O+/PLtw==" />

            <iframe id="frm1" src="NewRicerca.aspx" width="100%" height="100%"></iframe>


<SCRIPT language="JavaScript">
<!--
self.close
// -->
</SCRIPT>
</form>
</body>
</HTML>

It embeds an iframe (sigh!), and that is the interesting part. Look:

[Screenshot: car history page]

From that page you get:

  • the full name of the person who subscribed to the insurance;
  • the car model and brand;
  • the total kilometers driven by the car;
  • the total number of trips (meaning “car is moving”) made by the car;
  • access to monthly trip details (how many trips);
  • access to daily trip details (latitude, longitude, date and time);
  • access to monthly statistics (how often you use your car).

[Screenshots: car month history, car day history, car month statistics]

There is a lot of information here, and these statistics go back to the installation of the satellite device.

The request isn’t authenticated, so I just have to work out which parameters to fill in. Often not all parameters are required, so I tried removing them one at a time to find out which are really needed. It turns out the request can be simplified to:

curl http://<domain>/<company>/(S(<uuid>))/NewRemoteAuthentication.aspx?RUOLO=CL&ID=<another_code>&TARGA=<car_license>

But there is still an another_code in there… hmm, wait, it looks like the number I noted down earlier! And yes, it is!

So http://<domain>/<company>/(S(<uuid>))/NewRicerca.aspx is the page that really shows all the information, but how do I generate that uuid?

I tried removing it first and got an empty page. Sure, that makes sense: how would that page know which data I’m looking for?

So it must be NewRemoteAuthentication.aspx that does something. I tried removing the uuid from that URL too, and to my surprise it redirected me to the same URL with the uuid filled in as a path parameter! (That (S(…)) path segment is ASP.NET’s cookieless session id, which the server mints for any client that arrives without one; it identifies a session, it does not prove who is behind it.) Now I can finally call NewRicerca.aspx with that uuid and read all the data!
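To make the missing control concrete, the following is an added, hypothetical server-side example in Python, not the company's code: history_as_described() reproduces the behaviour observed above, where the plate alone selects the record and the (S(<uuid>)) session id authorizes nothing, and history_authorized() is the object-level check that should have been there, resolving the caller from a server-side session and requiring the requested TARGA to be on that caller's contract. CONTRACTS, HISTORY, SESSIONS, login() and the plate values are constructed for illustration.

```python
"""Object-level authorization for the car-history lookup: the behaviour the
post describes next to a hardened variant. Added example: hypothetical
server-side code, not the company's, with a constructed in-memory policy
store. CONTRACTS, HISTORY, SESSIONS and login() are assumptions."""
from __future__ import annotations

import secrets
from typing import Dict, List, Set

# Constructed data: which account holds the contract for which plate (TARGA),
# and the trip history that the NewRicerca page would render.
CONTRACTS: Dict[str, Set[str]] = {"acct-1": {"AB123CD"}, "acct-2": {"EF456GH"}}
HISTORY: Dict[str, List[str]] = {
    "AB123CD": ["19/05/2017 08:30:00 38.1938 15.5540 IT-Sicilia-Messina-Via Roma"],
    "EF456GH": ["19/05/2017 18:05:12 38.1157 13.3615 IT-Sicilia-Palermo-Via Maqueda"],
}
# Server-side session table: session id -> authenticated account.
SESSIONS: Dict[str, str] = {}


class Forbidden(Exception):
    pass


def history_as_described(targa: str) -> List[str]:
    """What the post observes: the plate alone selects the record; the
    (S(<uuid>)) session id only scopes the page and authorizes nothing."""
    if targa not in HISTORY:
        raise KeyError("TARGA NON ASSOCIATA")
    return HISTORY[targa]


def login(account: str, password_ok: bool) -> str:
    """Mint a session id only after credentials were verified (the check
    itself is out of scope here and is passed in as a boolean)."""
    if not password_ok:
        raise Forbidden("bad credentials")
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = account
    return sid


def history_authorized(session_id: str, targa: str) -> List[str]:
    """Hardened variant: resolve the caller from the session, then require
    that the requested plate is on one of that caller's contracts."""
    account = SESSIONS.get(session_id)
    if account is None:
        raise Forbidden("no authenticated session")
    if targa not in CONTRACTS.get(account, set()):
        # Same error for "not yours" and "does not exist", so the response
        # cannot double as a plate-existence oracle for enumeration.
        raise Forbidden("plate not on this contract")
    return HISTORY[targa]


if __name__ == "__main__":
    print(history_as_described("EF456GH"))        # anyone can read it
    sid = login("acct-1", password_ok=True)
    print(history_authorized(sid, "AB123CD"))     # own car: allowed
    try:
        history_authorized(sid, "EF456GH")        # someone else's car
    except Forbidden as e:
        print("denied:", e)
```

The point of the hardened function is that the identifier in the URL (session id, plate, another_code) is never what grants access; the grant comes from a server-side mapping between an authenticated principal and the objects it owns, and unknown plates are refused with the same error as foreign ones.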

Conclusion

You just need a license plate covered by this company to get all the trips made by that car, the full name of the person who owns it and its position in real time.

I reported this privacy flaw to the CERT Nazionale, which wrote to the company.

The company fixed the leak 3 weeks later by providing new Web service endpoints that use authenticated calls, and mailed its users telling them to update their App as soon as possible. The old Web services were shut down a month and a half after my first contact with the CERT Nazionale.

I could be wrong, but I suspect the privacy flaw had been around for 3 years, because the first Android version of the App uses the same APIs.

I got no bounty.

The company is a leading provider of telematics solutions.

May 10, 2017

Vlax

Sal de la máquina: inwardly empty people

“An abnormal development of personality frequently halts the development of essence at so low a level that essence becomes a poor, small, formless thing. From a poor, small, formless thing nothing can be expected. Moreover, it often happens that a man's essence dies while his personality and his body remain alive. Almost all the people we see in the streets of a big city are like this, inwardly empty; in reality they are already dead. It is fortunate for us that we do not see it and know nothing of it. If we knew how many men are already dead and how numerous are the corpses that govern our lives, the sight of this horror would drive us out of our minds.”

via: Sal de la máquina https://saldelamaquina.wordpress.com/2017/05/09/legiones-de-muertos-vivientes

Addicts

#machine #addiction #society #personality #people #world #person

Trasformatorio

Alluvione – Azucena Sanchez

Installation: dry cactus leaves and tuna dye, 30 April 2017. Alluvione was made out of memories of tragedy, hope and nostalgia. A great flood in 2009 left its mark on the people of Scaletta and its landscape. One afternoon spent with any of them will let you feel the fear, shock and respect people have towards […]

by fredd

May 08, 2017

Trasformatorio

Jakub Bobrowski – The Dead Plants

The dead plants. Arranging dead plants found in Scaletta Zanclea had, for me, at times a more immediate function and overall an underlying driving force. A curtain at the entrance of the castle, made of dry giant fennel branches, was meant to mark the passage to a place where one can allow oneself more and is more open […]

by fredd

Data Knightmare

DataKnightmare 1x30 - Speciale Facebook

Facebook is a propaganda engine, and it's legal. The supposed sociality? “Supposed” as in suppository: they stick it in you... How about selling your product to teenagers who need a “confidence boost”? Borderline-legal supplements, cosmetic surgery, cults: on Facebook there's room for everyone, you just have to pay, because it's legal. It's surveillance capitalism, baby. And the same can be done for any age group and for any product, including political candidates.

by Runtime Radio

Trasformatorio

Trasformatorio 2017 – Presentation Day (part one)

Documentation notes, Presentation Day, 30 April 2017. Some of the works were presented on this day. Some took shape during the presentation itself, as guided, inspired improvisations, until everyone entered the rooms of the tower, pitch black that night, and was guided by their refined senses. Those documentation media and stories in a different […]

by fredd

May 07, 2017

In the news

Grande successo per il trasformatorio - Gazzetta Jonica

Gazzetta Jonica: “Grande successo per il trasformatorio” (Great success for Trasformatorio)
Its objective is to integrate the practice of the Hacklab with research on performing arts and sustainability. Organized by Dyne.org and Siddharte, with the patronage of the municipal administration of Scaletta Zanclea and in collaboration with CairoTRonica ...

May 06, 2017

Evgeny Morozov

Cyber-insecurity is a gift for hackers, but it’s our own governments that create it | Evgeny Morozov

The insurance market is extracting millions to protect us from the built-in flaws the surveillance state relies on

The political legitimacy of democratic capitalism, that unlikely political formation that has brought us the end of history and now presents itself as the only bulwark against rightwing extremism, rests on a clear distribution of functions between governments and corporations. The former take on the role of regulating the latter in order to protect the customers from the occasional harmful effects of the otherwise beneficial business activity.

Governments are not restraining the toxic activities of companies – they are engaging in toxic activities of their own

by Evgeny Morozov

May 05, 2017

videogame confessional forum

frank lantz

Sure. My full name is Frank Lantz and my age is 52. My experience in the game industry is I started out making games at a place called RGA in the ‘90s. I was a creative director at a design studio...

by david wolinsky

May 03, 2017

Data Knightmare

DataKnightmare 1x29 - Uber, Amazon e l'accesso agli algoritmi

Three fresh news items to ponder: 1) Uber kept tracking iPhone users even after the app had been deleted. 2) Amazon wants us to put a camera in our bedroom. 3) The TAR (regional administrative court) establishes a revolutionary principle: in the case of administrative algorithms, access to the records means obtaining a copy of the source code.

by Runtime Radio

May 01, 2017

Alan :: law, technology and cinema, washed down with wine

Respectful Ads not Acceptable Ads

When you’ve become too familiar with an industry’s trade organizations, it is a sure sign that you have entered the vale of tears. Forget the newly minted worries about fake news: this is the world of paid opinions, a hall of mirrors where facts are irrelevant; broadcast power combined with political clout is what matters.

In March the advertising industry published its conclusions regarding acceptable ‘ad experiences’. They found, unsurprisingly, that users hate autoplay video ads, pop-ups, countdown ‘prestitials’ and a series of other things. The new acronym behind this standard, the Coalition for Better Ads (CBA), includes Facebook, Google and entities such as the Interactive Advertising Bureau (IAB) and Network Advertising Initiative (NAI). The CBA’s strategic purpose is to find ways to stanch the demand for adblockers upstream, cutting off the legs from uncontrolled third parties like Adblockplus, whose ‘Acceptable Ads‘ criteria have been enforced by ABP since 2012.

But this competing standard can’t undermine the adblockers unless it is given form as software. Thus the rumor that Google are going to integrate an adblocking feature with Chrome; it won’t be an adblocker as we know it, but one which implements the CBA’s rules. (If you want a browser with integrated adblocking or tracker blocking, Opera and Brave offer that functionality already.)

The CBA and the Acceptable Ads program have something in common: neither addresses the user concerns that have nothing to do with format but everything to do with the tracking and surveillance architecture that sits at the core of the advertising industry. In their eyes it is just a case of users being irritated by annoying formats, but it isn’t, and research on the motivations behind adblocker adoption has repeatedly demonstrated that, including research commissioned by the IAB itself. The following chart comes from a report (1) produced by the IAB last summer:

[Chart: why users block ads]

fig 1. Ad Blocking: Who Blocks Ads, Why and How to Win Them Back, IAB & C3 Research, 2013

The discussion needs to be emancipated from the straitjacket of ‘format acceptability’ and turned towards the relationship between publishers and readers. Treating readers/users respectfully means to value their time and attention, acknowledge and abide by their privacy preferences, and to find ways to deliver utility in ways they want.

Such an attitude does not come naturally to the many members of the CBA who spent the last half year lobbying against the FCC's privacy rules, enabling ISPs to spy on their customers. These organizations prefer fig-leaf self-regulatory schemes that claim to offer privacy choices, programs dismissed by former FTC commissioner Julie Brill. Now the Network Advertising Initiative has the hubris to organize a 'Privacy Hackathon'; anyone considering participating might wonder whether it is sensible to align their privacy work with an organization which fought for the repeal of consumer privacy rules at the FCC.

(1) See chart on page 20, Ad Blocking: Who Blocks Ads, Why and How to Win Them Back, IAB, June 2016.


by nonrival

April 28, 2017

In the news

The vintage computing museum is in Sicily - Wired.it

Three organisations are involved: the Freaknet Medialab itself, Dyne.org, a forge of free-software programmers, and the Poetry Hacklab, a free-computing laboratory. Support recently came from Interlogica, a Veneto company engaged in projects ...

April 26, 2017

In the news

Trasformatorio, performance art at Scaletta until 1 May - Lettera Emme

The event is organised by Siddharte and Dyne.org with the patronage of the municipal administration of Scaletta Zanclea and in collaboration with WISH (World International Sicilian Heritage), CairoTronica (Cairo International Symposium of Digital Arts ...

April 24, 2017

Data Knightmare

DataKnightmare 1x28 - The mother of all data grabs

You thought that handing five years of medical records of 700,000 patients to Google, for free and without any oversight, was the worst? Welcome to the mother of all data grabs, where a prime minister promises the health data of an entire nation to IBM. With no objectives, no controls, no guarantees, no economic return, no tender. And without telling anyone.

by Runtime Radio

April 21, 2017

videogame confessional forum

jeremy penner

So, my name's Jeremy Penner. I'm 33. Living right now in Ottawa, Ontario in Canada. I don't know, I've been programming since I was old enough to read, which was three or four. So, I've always been...

by david wolinsky

Informatic school is in southwest Cameroon

TECHSHARE 2016

TECHSHARE 2016

Linux Friends say thank you, Techshare, for your unfailing support of Future Star Accademy. Your support has helped us grow to maturity, with many good players in all categories, both male and female.


The President of Future Star Accademy is Eboumbou Jacques Marcel

Secretary is Ngainku Pauli Chanceline

Director is   Abassonga Noga Monique

Treasurer is Lolo Marthe Mireille

The Manager is Tabot Tabe Henry

Contact +237 674 956 363  and  +237 699 920 173

 

by admin

SWISS FRIENDS 2016

SWISS FRIENDS SUPPORT 2016

Swiss Friends have supported the objectives, activities and development of the Association of Linux Friends Limbe for one year now. Swiss Friends have paid for tiles to be laid on the floors of the classrooms and the staircase, for the roofing of the building and for motivation pay for seven teachers, and of course provided a Toyota RAV4 for the Association. Linux Friends want to thank all the committee members of Swiss Friends 2016; you have all worked hard until now. We know how challenging it has been, but we give God all the glory.


by admin

April 20, 2017

Informatic school is in southwest Cameroon

Computer School with Solar Section

Computer School with Solar Section

the educational project run by the Association of Linux Friends Limbe/Cameroon

 

Short Project Description. The Computer School run by the Linux Friends in Limbe/Cameroon offers an annual course providing basic knowledge of computer science as well as occasional advanced-level IT courses. Born out of necessity, the school is increasingly also working on electricity production, in response to the fact that in large parts of Cameroon the power supply needed to operate computers is not assured.

Students pay a symbolic school fee. The curriculum and teaching methods (e-learning) are developed according to the students' requests. On successful completion of the annual course, students receive a certificate approved by the local authorities. The certificate is well appreciated by the participants and considered an entry point to working life. It particularly enables women to take a first important step towards the formal economic sector.

The educational program is offered in the day school and in evening classes. The teaching staff is recruited among the graduates of the school. At present, the majority of students and teachers are women. In the past year, 30 graduates (out of about 50 students enrolled) obtained the final certificate.

The Computer School of Linux Friends Limbe was initiated ten years ago by the Swiss Michel Pauli and the Cameroonian Chanceline Ngainku and is registered as a non-profit organization under the name Association of Linux Friends Limbe. As a result of continuous trials and inventive work by the local project team, and thanks to worldwide advances in low-power mini-computers, the school today has well-functioning technical equipment (based on Raspberry Pi 2 and 3 and PiNet) with a total of 17 computer workstations. The school has Internet access. Part of the equipment is solar-powered.

As a next big step the project aims to develop and stabilize the advanced-level training. Students are to be able to qualify further in the ICT and solar systems sector. The objective is to realize a qualified training program modelled on the dual vocational training system. Maintenance of the school's network, as well as commissioned work in computer and solar system installation, will allow students to put the acquired theoretical knowledge into practice. In order to maintain and develop the project's existing know-how, the current eight staff positions (including administration and domestic services) need to be expanded to eleven adequately paid positions.

The Context. In Cameroon, children from less well-off families generally have little chance of obtaining a good professional education. The number of schools and study places offered by the State is not sufficient. Private schools are expensive, and only expensive schools are in a position to provide the equipment and know-how needed to teach computer science. Dual vocational training as a training method is virtually non-existent. Cameroon is ranked 152 out of 186 countries on the United Nations Human Development Index. Unemployment is high; at the same time the country is registering a shortage of skilled workers. Development projects working in the educational field complain of difficulties in recruiting specialists for computer and solar system installations. Such projects may be considered potential partners providing commissioned work for educational projects trying to realize dual vocational training in Cameroon. In the Cameroonian economy women are as active as men, but they tend to work in precarious conditions in the informal sector. If the family lacks money for the education of its children, girls usually come last.

Objectives 2016/2017. End of 2016: the basic course (beginners' class) runs optimally, and the persons responsible for developing the advanced-level concept are determined. End of 2017: a training concept and a financing plan for the advanced level are designed, and, with a view to cooperation, contacts with Swiss training centres are initiated.

by admin

April 18, 2017

In the news

"Published documents on alleged NSA malware give information to criminals" - RT en français

The alleged NSA cyber-infiltration tools could be used by anyone able to reproduce and modify computer code, says Denis Roio, developer and co-founder of Dyne.org. A hacker group named Shadow ...

April 17, 2017

Data Knightmare

dataKnightmare 1x27 - Timeo Danaos

"In God we trust; all others bring data?" Yes, if only. The DataKnightmare is afraid of hucksters, even when they bring data; indeed, especially then, because today data serves to justify the decision one has already chosen, not to discover which decision is the right one. An Easter rant.

by Runtime Radio

April 16, 2017

In the news

'Released docs on alleged NSA malware provide instructions for criminals' - RT


Alleged NSA cyber-infiltration tools empower criminals and intelligence agencies to develop more in this direction, and could be used by anyone able to reproduce and modify the code, software developer and co-founder of Dyne.org Denis Roio says.

Tomb, the Crypto Undertaker 2.4

… – Changes: This release introduces a major new feature with support for asymmetric encryption of Tomb keys using public/private GPG key pairs. It is now possible to protect a Tomb key using a GPG key (which can also be password-less for automation) as well as to encrypt a Tomb key for multiple recipients (list of G

by Jaromil

April 13, 2017

Vlax

Expose human rights abuses, not the people who survive them

You’d probably never heard of him last week, but his face has gone viral this week. Dr. David Dao, the man who was dragged off of United Airlines flight #3411 on Sunday, was trying to get home to see patients. Instead, he ended up getting violently dragged off of a flight—to provide space for United crewmembers.

https://blog.witness.org/2017/04/expose-human-rights-abuses-not-people-survive/

Trasformatorio

Easy Approaches To Manage Stress

On the opposite hand, your article might bring about a demand actions centered on patterns of cause and effect you have recognized. The reason and effect essay may end in numerous ways. Remember the length necessities of the article. Inside this section you’ll discover examples of essays belonging to different article kinds and manners of […]

by Victor

Advantages and Disadvantages of HMO and PPO Healthcare Plans

Guy understands he have totally freewill. Guys tend toward believe the cosmos was designed due to their unique use. If somebody understands which he or she can’t understand Lord, then they wont attempt judge additional individuals Every individual understands their particular talents, weaknesses and potential. There are numerous methods a willing individual has the skill […]

by Victor

April 11, 2017

Chokepoint

Hunting Red Team Meterpreter C2 Infrastructure

Introduction

This is part 2 of hunting Red Team C2 infrastructure. Part 1 covered finding Empire C2 endpoints. In this post, we will show how to do the same for Meterpreter. No immediate crashing bugs were found in the Meterpreter HTTP/S handler, but there is still enough information to profile these endpoints.

Meterpreter

Meterpreter is an advanced post-exploitation agent and C2 channel, commonly used as a payload with the popular Metasploit exploit framework. It is cross-platform and highly extensible. In this post, we will focus on finding the reverse HTTP/S handlers for Meterpreter.

Meterpreter Headers

Using the request GET / HTTP/1.0, the following headers were returned.


HTTP/1.1 200 OK
Connection: close
Server: Apache
Content-Length: 44

What stands out here (similar to Empire) is the general lack of headers that would normally be present in a response: no Date, no Content-Type, no Last-Modified. Also, we sent HTTP/1.0 as the protocol, but the reply is still HTTP/1.1.

Meterpreter default page


<html><body><h1>It works!</h1></body></html>

Hashes of the default page

MD5: c7b4690c8c46625ef0f328cd7a24a0a3
SHA1: 12179caec26a089cabcbb75c4dbe0bdfe60951f7
SHA2: 8f3ff2e2482468f3b9315a433b383f0cc0f9eb525889a34d4703b7681330a3fb

Finding Meterpreter Listeners with Shodan

Shodan is a search engine for security researchers. It routinely scans common ports across the Internet and makes the data publicly available and easily searchable. APIs are also provided for automating many of the tasks involved.

Using the headers and default web page listed above, we can narrow down the list of possible Meterpreter C2 node candidates on the Internet with a simple query. The negated 'Content-Type' term matters: a real Apache serving its own "It works!" index page sends a Content-Type header, the handler does not.


'Server: Apache' 'It works!' -'Content-Type' 'Length: 44'

You'll notice that the results returned are all HTTP/1.1, with profiles matching what we scoped out above.

Random URLs

Another characteristic that makes Meterpreter listeners easy to identify is that every request that does not hit the handler's backend gets the same response. A random URL receives the same page as the index, whereas a legitimate server will typically produce a 404 error.

GET /lkafjdklfjasdklfjalkdjflkajd HTTP/1.0
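As an added example (not code from the original post), the following Python profiles a raw HTTP response against the traits listed above: the three-header reply, Server: Apache, Content-Length: 44, no Content-Type, the 44-byte "It works!" body and, when a second response is supplied, the same page coming back for a random path. The sample responses are constructed for this example; the second approximates a stock Apache serving its own "It works!" index page, which is exactly the false positive the extra traits are there to exclude.

```python
import hashlib
from typing import Dict, Optional, Tuple

# The page a default reverse_http handler serves: 44 bytes, no trailing newline.
DEFAULT_BODY = b"<html><body><h1>It works!</h1></body></html>"


def parse_response(raw: bytes) -> Tuple[str, Dict[str, str], bytes]:
    """Split a raw HTTP response into status line, lower-cased header dict and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    status = lines[0].decode("latin-1")
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().decode("latin-1").lower()] = value.strip().decode("latin-1")
    return status, headers, body


def profile(index_raw: bytes, random_path_raw: Optional[bytes] = None) -> Dict[str, bool]:
    """Report which of the handler's default traits the response to GET / exhibits.

    random_path_raw, if given, is the response to a random path on the same host;
    the handler answers it with the very same page instead of a 404.
    """
    status, headers, body = parse_response(index_raw)
    traits = {
        "replies_http11_200": status.startswith("HTTP/1.1 200"),
        "server_is_bare_apache": headers.get("server") == "Apache",
        "content_length_44": headers.get("content-length") == "44",
        "no_content_type": "content-type" not in headers,
        "only_three_headers": len(headers) == 3,
        "default_body": body == DEFAULT_BODY,
    }
    if random_path_raw is not None:
        rstatus, _, rbody = parse_response(random_path_raw)
        traits["random_path_same_page"] = rstatus.startswith("HTTP/1.1 200") and rbody == body
    return traits


def looks_like_meterpreter(traits: Dict[str, bool]) -> bool:
    """Every trait must hold; a single real-server header is enough to drop a host."""
    return all(traits.values())


def body_hashes(body: bytes) -> Dict[str, str]:
    """Digests of a body, for comparison with the hashes Shodan records for a page."""
    return {name: hashlib.new(name, body).hexdigest() for name in ("md5", "sha1", "sha256")}


# Constructed sample: the reply the post shows a default handler returning.
HANDLER_INDEX = (
    b"HTTP/1.1 200 OK\r\n"
    b"Connection: close\r\n"
    b"Server: Apache\r\n"
    b"Content-Length: 44\r\n"
    b"\r\n" + DEFAULT_BODY
)

# Constructed sample: a stock Apache serving its own 'It works!' index page.
APACHE_INDEX = (
    b"HTTP/1.1 200 OK\r\n"
    b"Date: Tue, 11 Apr 2017 10:00:00 GMT\r\n"
    b"Server: Apache/2.4.18 (Ubuntu)\r\n"
    b"Last-Modified: Mon, 10 Apr 2017 09:00:00 GMT\r\n"
    b"Content-Length: 45\r\n"
    b"Connection: close\r\n"
    b"Content-Type: text/html\r\n"
    b"\r\n" + DEFAULT_BODY + b"\n"
)

# Constructed sample: the same Apache answering a random path with a 404.
_NOT_FOUND = b"<html><head><title>404 Not Found</title></head><body><h1>Not Found</h1></body></html>\n"
APACHE_404 = (
    b"HTTP/1.1 404 Not Found\r\n"
    b"Date: Tue, 11 Apr 2017 10:00:01 GMT\r\n"
    b"Server: Apache/2.4.18 (Ubuntu)\r\n"
    b"Content-Length: %d\r\n" % len(_NOT_FOUND) +
    b"Connection: close\r\n"
    b"Content-Type: text/html; charset=iso-8859-1\r\n"
    b"\r\n" + _NOT_FOUND
)

if __name__ == "__main__":
    for label, idx, rnd in (("handler", HANDLER_INDEX, HANDLER_INDEX),
                            ("apache", APACHE_INDEX, APACHE_404)):
        t = profile(idx, rnd)
        print(label, looks_like_meterpreter(t), [k for k, v in t.items() if not v])
```

Feed profile() the two raw responses you capture with a GET / and a GET /randompath; a host only stays on the candidate list when every trait holds, and the list of failed traits tells you which real-server feature gave it away.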

Changing default values

There's no excuse for leaving your C2 node exposed to the entire Internet. Whitelist the IP space of your engagement in order to keep your tests in scope and to avoid having other people attack your nodes. The server name and default page discussed above are both advanced options of the handler and can be changed:


use exploit/multi/handler
set payload windows/meterpreter/reverse_http
set LHOST 127.0.0.1
set LPORT 8000
show advanced
set MeterpreterServerName nginx
set HttpUnknownRequestResponse html_here

Going beyond Shodan

In case there is any doubt about whether a server found this way is a Meterpreter listener, the following is a valid URI that will download the first stage of a Meterpreter session from any reverse HTTP/S listener.


GET /huO7Mf9GbAoRFBAVSfkxDwLTm3Wcz8n3kuXycv7k4vWV-_dXg3aY1iQy83Cejls15IeYlhUZ0QMT8S1zHKR33-Ga1rVIiV6QNFjXzTgr4lwNq_YR1tqyIbl9ddVzJ8UeYWJ0MJnThtVJ7d46IZnwHYok-XXZJrhqgUaaJMQtmCGCQWFA9tXMVtZtQEaR9Hse2Muw-P5TX4M7LKtm93LLFCT5i1NshdiwcWOnVJq HTTP/1.0

As we discussed in part 1, we can use Scans.io data to get a broader search of HTTPS servers. If you still have a copy of the data, you can run a zgrep search like the following to identify possible C2 nodes. The search string is the default page, base64-encoded, which is how the body is stored in the dataset.


zgrep 'PGh0bWw+PGJvZHk+PGgxPkl0IHdvcmtzITwvaDE+PC9ib2R5PjwvaHRtbD4=' 20170221-https.gz > /tmp/results.json

This may take several minutes to run, as the datasets are generally several gigabytes in size. The result is a file containing one JSON record for each host that returned the default Meterpreter HTML. Parse this file and extract the IP address of each host that should be tested.
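The two steps of this section, pulling candidates out of the scan dump and then confirming each one with a checksummed stage URI, as an added Python example that is not part of the original post. The record layout (an "ip" field plus a base64 body under data.http.response.body) and the sample lines are constructed for the example; adapt the field path to the dataset you actually have. The checksum logic is modelled on Metasploit's URI handling as I understand it, and that is an assumption you should check against your own copy: the handler strips everything that is not a base64url character, sums the remaining bytes modulo 256 and maps the result to a request type (92 for a native stager, 80 for Python, 88 for Java, 98 for existing-session traffic), and the generator simply draws random base64url strings until one sums to the wanted value. The sample URI from the post above sums to 92, which is why any default handler answers it with a stage.

```python
import base64
import json
import random
import re
import string
from typing import Iterable, Iterator, Optional

DEFAULT_BODY = b"<html><body><h1>It works!</h1></body></html>"
# The same string the zgrep above searches for: the default page, base64-encoded.
DEFAULT_BODY_B64 = base64.b64encode(DEFAULT_BODY).decode("ascii")


def candidates_from_scan(lines: Iterable[str]) -> Iterator[str]:
    """Yield each distinct IP whose recorded body is the default handler page.

    Assumed record shape (constructed for this example):
    {"ip": "...", "data": {"http": {"response": {"body": "<base64>"}}}}
    """
    seen = set()
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except ValueError:
            continue  # multi-gigabyte dumps do contain truncated lines; skip them
        body = rec.get("data", {}).get("http", {}).get("response", {}).get("body")
        ip = rec.get("ip")
        if body == DEFAULT_BODY_B64 and ip and ip not in seen:
            seen.add(ip)
            yield ip


# Checksum values the handler recognises (assumption: mirrors Metasploit's table).
URI_CHECKSUM_MODES = {
    92: "INITW/INITN: native stager request (Windows or POSIX)",
    80: "INITP: Python stager request",
    88: "INITJ: Java stager request",
    98: "CONN: traffic of an existing session",
}
BASE64URL = string.ascii_letters + string.digits + "-_"


def uri_checksum(uri: str) -> int:
    """8-bit checksum over the base64url characters of a URI; slashes are ignored."""
    bare = re.sub(r"[^A-Za-z0-9_\-]", "", uri)
    return sum(bare.encode("ascii")) % 256


def classify_uri(uri: str) -> Optional[str]:
    """Return the request type the handler would infer, or None if it would not serve it."""
    return URI_CHECKSUM_MODES.get(uri_checksum(uri))


def make_stage_uri(target: int = 92, length: int = 30, prefix: str = "") -> str:
    """Draw random base64url strings of `length` until the checksum hits `target`.

    `prefix` keeps a fixed leading part (such as a payload UUID) in front of the random tail.
    """
    if length < 5:
        raise ValueError("need at least 5 random characters to reach every checksum")
    rng = random.SystemRandom()
    while True:
        uri = prefix + "".join(rng.choice(BASE64URL) for _ in range(length))
        if uri_checksum(uri) == target:
            return uri


def stage_request(host: str, target: int = 92) -> bytes:
    """The raw request that asks a reverse_http(s) handler for a first stage."""
    return (f"GET /{make_stage_uri(target)} HTTP/1.0\r\nHost: {host}\r\n\r\n").encode("ascii")


# The URI quoted in the post; it sums to 92, i.e. a native stager request.
POST_URI = ("huO7Mf9GbAoRFBAVSfkxDwLTm3Wcz8n3kuXycv7k4vWV-_dXg3aY1iQy83Cejls15IeYlhUZ0QMT8S1zHKR33-"
            "Ga1rVIiV6QNFjXzTgr4lwNq_YR1tqyIbl9ddVzJ8UeYWJ0MJnThtVJ7d46IZnwHYok-XXZJrhqgUaaJMQtmCGCQ"
            "WFA9tXMVtZtQEaR9Hse2Muw-P5TX4M7LKtm93LLFCT5i1NshdiwcWOnVJq")

# Constructed sample dump: two handlers (one listed twice), a real Apache page, a truncated line.
SAMPLE_DUMP = [
    json.dumps({"ip": "198.51.100.7", "data": {"http": {"response": {"body": DEFAULT_BODY_B64}}}}),
    json.dumps({"ip": "203.0.113.42", "data": {"http": {"response": {
        "body": base64.b64encode(DEFAULT_BODY + b"\n").decode("ascii")}}}}),
    json.dumps({"ip": "198.51.100.7", "data": {"http": {"response": {"body": DEFAULT_BODY_B64}}}}),
    '{"ip": "192.0.2.9", "data": {"http": {"response": {"body": "PGh0',
    json.dumps({"ip": "192.0.2.10", "data": {"http": {"response": {"body": DEFAULT_BODY_B64}}}}),
]

if __name__ == "__main__":
    for ip in candidates_from_scan(SAMPLE_DUMP):
        print(ip, stage_request(ip).split(b"\r\n")[0])
    print(uri_checksum(POST_URI), classify_uri(POST_URI))
```

A candidate that returns something other than its default page for a checksum-92 URI is almost certainly not a stock handler; one that returns a large binary blob has just handed you its first stage, which you can then hash and keep as an indicator.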

Happy hunting.

by stderr (noreply@blogger.com)

Data Knightmare

dataKnightmare 1x26 - Sovereignty over data

The natives of the Americas traded gold and gems for worthless mirrors and beads. Today a public hospital hands millions of medical records pro bono to a technology company so that it can develop diagnostic applications. Spot the difference. Data may be the new oil. The problem is that people are not fossils.

by Runtime Radio

April 10, 2017

Vlax

Book presentation: Sal de la máquina. Overcoming addiction to new technologies

https://soundcloud.com/traficantesdesue-os/sal-de-la-maquina-superar-la-adiccion-a-las-nuevas-tecnologias

With the participation of Sergio Legaz, author, and Miguel Brieva, illustrator and member of the editorial board of Libros en acción.
https://diasp.org/people/a959b4fab071f623#
"In a world like today's, built for the most part by the machines themselves, having knowledge of the Machine is the greatest power there is."

Audio from Traficantes de sueños: https://dia.so/2gh

https://saldelamaquina.wordpress.com/

#audio #traficantesdesueños #adiccion #moviles #debate #reflexion #autonomia

April 09, 2017

Museo dell Informatica funzionante

Ora e sempre Resistenza: basic electronics course, 4th edition!

From tomorrow, April 11, 2017, until Friday, April 14, 2017, every day from 16:00 to 19:00, we will hold the fourth edition of our fantastic basic electronics course at the Officine Babilonia – Area Ex Officine Ferroviarie, Viale Giacomo Mancini, Cosenza. (Map)

This fourth edition is reserved for migrants and refugees hosted by "La Kasbah", and will probably be held in English.


Subscriptions are closed. We look forward to seeing you at the next edition! 😉

The article Ora e sempre Resistenza: basic electronics course, 4th edition! appeared first on Museo dell'Informatica Funzionante.

by asbesto