Infosec.Pub

Comments

cross-posted from: https://libretechni.ca/post/302171

The websites of trains, planes, buses, and ride shares have become bot-hostile and also tor-hostile. This forces us to make a manual labor-intensive effort of pointing and clicking through shitty proprietary GUIs. We cannot simply query for the cheapest trip over a span of time for specified parameters of our choice. We typically must also search one day per query.

Suppose I want to go to Paris, Lyon, Lille, or Marseilles, and I can leave any morning in the next 2 weeks. Finding the cheapest ticket requires 56 manual web queries (4 destinations × 14 days). And that’s for just one carrier. If I want to query both Flixbus and BlaBlaCar, we’re talking 112 queries. Then I have to keep notes - a shortlist of prospective tickets. Fuck me. Why do people tolerate this? (They probably just search less and take a suboptimal deal).

If we write web scraping software, the websites bogart their inventory with anti-bot protectionist mechanisms that would blacklist your IP address. Thereafter, we would not even be able to do manual searches. So of course a bot would have to run over Tor or a VPN. But those IPs are generally blocked outright anyway.

The solution: MitM software

We need some browser-independent middleware that collects the data and shares it. Ideally it would work like a special purpose socat command. It would have to do the TLS handshake with the travel site and offer a local unencrypted port for the GUI browser to connect to. That would be a generic tool comparable to Wireshark (or perhaps #Wireshark can even serve this purpose?) Then a site-specific program could monitor the traffic, parse it, and populate a local SQLite DB. Another tool could sync the local DB with a centralised cloud DB. A fourth tool could provide a UI to the DB that gives us the queries we need.

A browser extension that monitors and shares would be an alternative solution -- but not as good. It would impose a particular browser. And it would be impossible to make the connection to the central DB over Tor while making the browser connection over a different network.

Fares often change daily, so the DB would of course timestamp fares. Perhaps an AI mechanism could approximate the price based on past pricing trends for a particular route. A Flixbus fare will start at 10 but climb to 40 on the day of travel. Stale price quotes would obviously be inexact but when the DB shows an interesting price and you search it manually, the DBs would be updated. The route and schedule info would of course be quite useful (and unlikely stale).

The end result would be an Amadeus DB of sorts, but with the inclusion of environmentally sound ground transport. It could give a direct comparison and perhaps even cause air travelers to switch to ground travel. It could even give us a Matrix ITA Software UI/query tool that’s more broad.

Miscreants cost victims time rather than money During the two-hour window on Monday in which hijacked npm versions were available for download, malware-laced packages reached one in 10 cloud environments, according to Wiz researchers. But crypto-craving crims did little more than annoy defenders.…

It’s less noticeable than a thinner profile or trick camera lenses, but Apple is pointing out another upgrade in the iPhone 17 family of phones that it says is part of “the most significant upgrade to memory safety in the history of consumer operating systems.” Explicitly targeting the spyware industry that produces exploits for tools […]

Wanted to offer you all a list of Los Angeles based defense and mutual coalitions you can join.

These regional and neighborhood groups are growing and need help in areas like outreach, mutual aid (like food and household item distro), rapid response, patrolling, know your rights training, field medicine, opsec, data analytics, and record keeping.

City Wide Groups:

Los Angeles City Wide https://www.instagram.com/communityselfdefensecoalition/

Car Wash Defense https://www.instagram.com/carwasherxs/

Frontline Medics https://www.instagram.com/frontlinemedics/

No Sleep For ICE https://www.instagram.com/no.sleep.for.ice/

Regional Groups:

Glendale Community Defense https://www.instagram.com/growtogetherglendale/

Pasadena’s Grupo Autodefensa https://docs.google.com/forms/d/e/1FAIpQLScQ791YFTIxuD_Nxar5EC3GtuIFtU_3CZuXcVm8OgkQ0DVtpw/viewform

Altadena CDC https://www.signupgenius.com/go/10C054BABA929A6FCC25-58304928-volunteer#/

East Pasadena Defense https://www.instagram.com/eastpasadenacdc/

San GabrielRegion Watch https://signal.group/#CjQKIEvZpDG2bThCXkEPXiUuVATTbDgqziC8OKkUDQBLKMwwEhDsTcePUPrelh706m-l5pnd

Highland Park Community Defense https://www.instagram.com/highland_park_cdc/

Boyle Heights CSO https://www.instagram.com/centrocso/

Cypress Park Defense https://bit.ly/NELAonboard

DTLA Community Patrols https://www.instagram.com/dtlaareacommunitypatrols/

KTown Community Defense https://www.instagram.com/ktownrrn_/ https://www.instagram.com/latu_ktown/

West Hollywood / Bev Hills Community Watch https://signal.group/#CjQKINGR5k8wt9SztdhCPRRS7gsE32g0pCJw12feANlBRCIkEhC-TCupqwKKCT93Nfh-VVSg

North Hollywood has a CDC but I don’t have that info. LATU will. https://www.instagram.com/noho.latenantsunion/

Van Nuys has a CDC at the Home Depot. I don’t know the hours. Try https://www.instagram.com/vannuys_workercenter/.

Mid City Community Watch https://signal.group/#CjQKIHZjRaupiwuPrDEoHe4ABgLHLTFSoOvDy2p60RwWJz9AEhBIdH4VtRo1-e7hRTl420It

West Adams/Mid City Defense Meet online (https://us06web.zoom.us/j/88929729055?pwd=BSuNu1tm2WgXQUWbNGbmo5PG3TKvdo.1#success) at 6:30pm - Wed Sept 10 or in person at Solidarity Hall

South Central Community Watch https://signal.group/#CjQKIDjrch7vv73wYJd2SWElg48kg6bwRVGiRARj1iPHYdbMEhB-WP9KbJSFsxiaueeHFBNs

City of Industry CDC Home Depot on Gale Ave at 7:30am every Wednesday

El Sereno Community Care https://www.instagram.com/elserenocommunitycare/

Baldwin Park CDC Every Thursday and Friday from 8am and on at the Home Depot on Puenta Ave

Covina CDC Every Tuesday and Saturday starting at 8am at the Home Depot on Badillo St.

Baldwin Park / La Puenta / West Covina Defense https://cryptpad.fr/form/#/2/form/view/Kf-7XMujCYfBtnv-KhooS7t1OviRACOsN6VZJDI63QA/

West Covina CDC Every Tuesday at 8am at Home Depot on Azusa Ave

Corona Community Defense https://www.instagram.com/we_protect_corona/

Fontana Neighborhood Watch https://www.instagram.com/fontana.decolonized/

San Bernardino Community Defense https://www.instagram.com/sanbernardino.we_defend_us/

Moreno Valley Ice Defense https://www.instagram.com/stayalert_morenovalley_perris/

Rancho Cucamonga Community Watch https://www.instagram.com/wekeep.us.safe.ranchocucamonga/

Pamona Watch https://www.instagram.com/weprotectpomona/ https://www.instagram.com/iceoutofpomona/

Hemet Watch https://www.instagram.com/i.c.e_breakers951/

Inland Empire Regional Watch https://www.instagram.com/semillas.inlandempire/

Peace Harbor Patrol via UdB (San Pedro area) https://www.instagram.com/harborareapeacepatrols/

Long Beach Community Defense https://www.instagram.com/longbeachrapidresponse/

Santa Ana Ice Defense https://www.instagram.com/defensasantaana/

Orange County Community Defense https://www.instagram.com/occommunityselfdefense/

Comments

HelloGym's data security clearly skipped leg day Exclusive  Sensitive info from hundreds of thousands of gym customers and staff – including names, financial details, and potentially biometric data in the form of audio recordings – was left sitting in an unencrypted, non-password protected database, according to a security researcher who shut it down.…

Kosovo national Liridon Masurica has pleaded guilty to running BlackDB.cc, a cybercrime marketplace that has been active since 2018. [...]

Cryptography experts are warning that X’s current implementation of encryption should not be trusted. While the platform claims to offer end-to-end encrypted messaging through its new XChat feature, the technical details reveal significant gaps that make it far less secure than established alternatives. What we are seeing is encryption theater; the marketing sounds impressive, but […] The post X’s New Encrypted Chat Has Major Security Flaws Experts Warn appeared first on eSecurity Planet.

Yes the caulked it as well.