Tech Komando

Your Best Source For Technology News

January 22, 2022

A white supremacist website got hacked, airing all its dirty laundry

Patriot Front members spray painting in Springfield, Illinois. (credit: Unicornriot.ninja)

Chat messages, images, and videos leaked from the server of a white supremacist group called the Patriot Front purport to show its leader and rank-and-file members conspiring in hate crimes, despite their claims that they were a legitimate political organization.

Patriot Front, or PF, formed in the aftermath of the 2017 Unite the Right rally, a demonstration in Charlottesville, Virginia, where one of the attendees rammed his car into a crowd of counter-protesters, killing one and injuring 35 others. PF founder Thomas Rousseau started the group after an image posted online showed the now-convicted killer, James Alex Fields, Jr., posing with members of white supremacist group Vanguard America shortly before the attack. Vanguard America soon dissolved, and Rousseau rebranded it as PF with the goal of hiding any involvement in violent acts.

Since then, PF has strived to present itself as a group of patriots who are aligned with the ideals and values of the founders who defeated the tyranny of the British in the 18th century and paved the way for the United States to be born. In announcing the formation of PF in 2017, Rousseau wrote:


January 18, 2022

Safari and iOS users: Your browsing activity is being leaked in real time

(credit: Getty Images)

For the past four months, Apple’s iOS and iPadOS devices and Safari browser have violated one of the Internet’s most sacrosanct security policies. The violation results from a bug that leaks user identities and browsing activity in real time.

The same-origin policy is a foundational security mechanism that forbids documents, scripts, or other content loaded from one origin—meaning the protocol, domain name, and port of a given webpage or app—from interacting with resources from other origins. Without this policy, malicious sites—say, badguy.example.com—could access login credentials for Google or another trusted site when it’s open in a different browser window or tab.
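
The origin comparison described above, as an added example that is not part of the original article: it reduces two URLs to their (protocol, host, port) tuples and reports which component, if any, makes them cross-origin. The function names and the `accounts.example.com` URLs are constructed for illustration.

```javascript
// Added example: same-origin comparison on the (protocol, host, port) tuple.
// All URLs used with these functions are constructed sample values.

// Default ports, so https://a.example/ and https://a.example:443/ compare equal.
const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

// Return the origin tuple of a URL, or null when the input does not parse
// or uses a scheme without a tuple origin here (data:, file:, ...).
function originTuple(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return null;
  }
  if (!(url.protocol in DEFAULT_PORTS)) return null;
  return {
    protocol: url.protocol,   // lowercased by the URL parser
    host: url.hostname,       // lowercased by the URL parser
    port: url.port || DEFAULT_PORTS[url.protocol], // "" means default port
  };
}

// Name the first component that differs: "protocol", "host" or "port".
// Returns "opaque" when either side has no tuple origin, null when they match.
function firstMismatch(a, b) {
  const x = originTuple(a);
  const y = originTuple(b);
  if (!x || !y) return "opaque";
  for (const part of ["protocol", "host", "port"]) {
    if (x[part] !== y[part]) return part;
  }
  return null;
}

// Two URLs are same-origin only when every component of the tuple matches.
function sameOrigin(a, b) {
  return firstMismatch(a, b) === null;
}
```

Note that a sibling subdomain such as `badguy.example.com` is a different origin from `accounts.example.com` even though both share a parent domain.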

Obvious privacy violation

Since September’s release of Safari 15 and iOS and iPadOS 15, this policy has been broken wide open, research published late last week found. As a demo site graphically reveals, it’s trivial for one site to learn the domains of sites open in other tabs or windows, as well as user IDs and other identifying information associated with the other sites.
