Brave browser leaks visited Tor .onion addresses in DNS traffic, fix released after bug hunter raises alarm

Brave has patched up its privacy-focused web browser after it was spotted leaking its Tor users' dark-web habits. The browser has a built-in Tor mode, allowing folks to easily and anonymously surf the dark-web network. However, this code started spilling over the open internet the .onion domains visited by the browser to …

  1. Anonymous Coward

    Holy crap, how did I not notice the 'new private window with tor' option until now? That's awesome!

    ...well, assuming it works... ;)

    1. NonSSL-Login

      It's been there a good few months.

      Considering how far the Tor browser goes to avoid fingerprintable data being sent, down to things like the window size, I did wonder if Brave sends its own User-Agent and other info which would make it stand out like a sore thumb on the Tor network.

      1. Anonymous Coward

        Good question. I wonder. I don't think either answer would surprise me.

  2. Anonymous South African Coward

    The Reg checked with Kia, and the answer was pretty unequivocal: “We are aware of online speculation that Kia is subject to a ransomware attack," a spokesperson told us. "At this time, and based on the best and most current information, we can confirm that we have no evidence that Kia or any Kia data is subject to a ransomware attack."

    Then what else could it be?

    The other alternative explanation could be that their IT infra was not up to standards, and something borked, taking out a whole load of services.

    “We are learning about these new attacks, some coming from states as part of new conflicts between nations, others coming from mafias,” Macron said in a briefing on Thursday, adding that ANSSI would need support from other countries to beat the ransomware scourge.

    The only way to stop these kinds of attacks is to identify the ne'er-do-wells 100%, then go and have a nice talk with them, taking a baseball bat with, and performing some percussion maintenance on the ne'er-do-wells' kneecaps as well as any and sundry computer equipment.

    Or disconnect completely from the Internet.

    Yigitali Ercan, 33, of Philadelphia, was charged with second degree computer hacking after his former bosses told police Ercan had entered the company's computer systems illegally after leaving and made changes to the corporate website. A day later the company was hit by ransomware that encrypted files for extortion.

    Probably a wannabe BOFH, or somebody in the company got careless with security?

    1. Claptrap314 Silver badge

      Who says this was a security incident at all?

      I was at Google as an SRE, 2015-2016. Come Christmas, we did a "configuration slush"--no configuration changes unless it was to fix a current, live problem.

      OMGs dropped 80%. Every year.

      That's at a place I would consider to be healthy.

      We are our own worst enemies. No outside help is needed.

  3. sreynolds Silver badge

    Meh, I never wear two condoms... But

    I never trust any app. Not even the Linux kernel. I don't have anything to hide, but it really annoyed me when, in my opinion, one of my former employers tried to spy on me.

    So to keep the attack surface small, why would you not run Tor with two separate boxes with firewall rules ensuring traffic goes where you want? When will the kiddie fiddlers learn? Hopefully never.

  4. Anonymous Coward

    Google Webview

    OMG, Brave leaks URLs via DNS queries..... just a short reminder: that Google Chrome WebView embed you see in loads of apps? That's phoning home to Google with usage data including URLs. Most of those apps will not know they have to opt out of that snooping, and they certainly didn't get their users' permission for Google to opt them in by default on their behalf.

    https://developer.android.com/guide/webapps/webview-privacy

    1. A.P. Veening Silver badge

      Re: Google Webview

      That is a clear GDPR violation and I am sure the fines will follow in due time.

      1. Claptrap314 Silver badge

        Re: Google Webview

        "In due time"... -->

        Heat death of the Universe, then...

  5. Gene Cash Silver badge

    "no evidence that Kia is subject to a ransomware attack"

    There's tons of other attacks that could be going on, and probably are, since they weasel-worded it this way.

  6. Anonymous Coward

    Reminder: https://www.theregister.com/2014/11/07/euro_cyber_cops_darknet_arrests/

    Tor browsing is no more than privacy through obfuscation.

    I am well aware there are perfectly sound and honorable reasons for using TOR.

    However, I'm delighted when paedophiles, drug dealers, and contract killers are exposed and prosecuted.

    In addition, I am sure criminals themselves gather and utilize information about who is using TOR for what, because TOR users are more >likely< to be excellent targets for crime - bitcoin, extortion, etc.

    1. MrReynolds2U

      Tor was originally developed as a secure method for US intelligence communication - a different type of ne'er-do-well, if you like. So I get really annoyed when people make out it's solely a tool for criminals.

      Tor is primarily a tool for the security-conscious. Given that using a regular browser is tantamount to being followed 24/7 by Google et al, I completely understand Tor usage for normal (non-criminal) Internet users. The same could be said of Telegram and Proton Mail.

      Unfortunately, if I was dragged in front of a court tomorrow and the prosecution stated that I used Tor online, that revelation in itself would put the balance of doubt against me, which is a ridiculous situation.
