Hacker News: tony101

Limit precise location from cellular networks

tony101 — Tue, 27 Jan 2026 06:43:26 +0000

Article URL: https://support.apple.com/en-us/126101

Comments URL: https://news.ycombinator.com/item?id=46776306

Points: 3

# Comments: 0

New comment by tony101 in "Permission Slip: App to take back control of your data"

tony101 — Sun, 29 Jan 2023 09:51:06 +0000

From their FAQ:

“Permission Slip helps you exercise your right to privacy under the California Consumer Privacy Act (CCPA) by acting as your ‘authorized agent’ and sending data requests to companies for you.”

https://www.permissionslipcr.com/faq.php

The California Attorney General is monitoring companies’ compliance with authorized agent requests:

“The sweep also focuses on businesses that failed to process consumer requests submitted via an authorized agent, as required by the CCPA. Requests submitted by authorized agents include those sent by Permission Slip, a mobile application developed by Consumer Reports that allows consumers to send requests to opt-out and delete their personal information.”

https://oag.ca.gov/news/press-releases/ahead-data-privacy-da...

New comment by tony101 in "Permission Slip: App to take back control of your data"

tony101 — Sun, 29 Jan 2023 05:29:43 +0000

Refer to https://digital-lab.consumerreports.org/2022/11/16/introduci...

Permission Slip: App to take back control of your data

tony101 — Sun, 29 Jan 2023 04:08:01 +0000

Article URL: https://digital-lab.consumerreports.org/2022/11/16/introducing-permission-slip/

Comments URL: https://news.ycombinator.com/item?id=34564800

Points: 82

# Comments: 45

Cellebrite's phone forensics software and documentation leaked

tony101 — Sun, 15 Jan 2023 00:00:00 +0000

Article URL: https://ddosecrets.substack.com/p/cellebrite-msab-phone-forensics-leak

Comments URL: https://news.ycombinator.com/item?id=34385358

Points: 8

# Comments: 0

Making unphishable 2FA phishable

tony101 — Thu, 01 Dec 2022 01:26:56 +0000

Article URL: https://mjg59.dreamwidth.org/62175.html

Comments URL: https://news.ycombinator.com/item?id=33810984

Points: 194

# Comments: 54

New comment by tony101 in "Secure messengers in war time"

tony101 — Wed, 02 Mar 2022 04:56:49 +0000

> “ 1. it is not free software”

What are you talking about?

https://github.com/signalapp/Signal-Android/blob/master/LICE...

https://github.com/signalapp/Signal-iOS/blob/master/LICENSE

https://github.com/signalapp/Signal-Server/blob/master/LICEN...

Twitter compiles a list of your interests and won't let you opt out

tony101 — Sun, 19 Dec 2021 03:47:07 +0000

Article URL: https://twitter.com/tonyt451/status/1472408600295346176

Comments URL: https://news.ycombinator.com/item?id=29611125

Points: 14

# Comments: 3

New comment by tony101 in "We are seeing continued DDoS attacks against our infrastructure"

tony101 — Sun, 31 Oct 2021 20:18:09 +0000

ProtonMail managed to figure it out after the DDoS attack they faced 5 years ago:

https://protonmail.com/support/knowledge-base/email-ddos-pro...

New comment by tony101 in "We are seeing continued DDoS attacks against our infrastructure"

tony101 — Sun, 31 Oct 2021 20:16:35 +0000

ProtonMail managed to figure it out after the DDoS attack they faced 5 years ago:

https://protonmail.com/support/knowledge-base/email-ddos-pro...

Plaid paid people $500 for their employer payroll logins

tony101 — Wed, 12 May 2021 03:16:08 +0000

Article URL: https://www.vice.com/en/article/bvzzqa/plaid-paid-500-dollars-workplace-logins

Comments URL: https://news.ycombinator.com/item?id=27126214

Points: 92

# Comments: 95

New comment by tony101 in "Exploiting vulnerabilities in Cellebrite UFED and Physical Analyzer"

tony101 — Wed, 21 Apr 2021 19:24:16 +0000

A reminder that you can pair lock your iPhone to prevent analysis by Cellebrite or similar tools: https://arkadiyt.com/2019/10/07/pair-locking-your-iphone-wit...

New comment by tony101 in "Exploiting vulnerabilities in Cellebrite UFED and Physical Analyzer"

tony101 — Wed, 21 Apr 2021 17:07:12 +0000

I wonder if the intention here is to deter Cellebrite from parsing Signal files? Or to pressure them into fixing their security vulnerabilities?

New comment by tony101 in "Effort to disrupt exploitation of Microsoft Exchange Server vulnerabilities"

tony101 — Wed, 14 Apr 2021 02:47:02 +0000

The warrant is actually quite specific, down to the exact URL paths of the shells to be searched and removed.

See pages 20 and 21 of https://www.justice.gov/opa/press-release/file/1386631/downl...

New comment by tony101 in "Effort to disrupt exploitation of Microsoft Exchange Server vulnerabilities"

tony101 — Wed, 14 Apr 2021 02:45:22 +0000

Why would it not be a valid warrant? The web shells are evidence of a crime.

Also, the typical remedy for a defective warrant is suppression of seized evidence, not criminal prosecution.

New comment by tony101 in "Effort to disrupt exploitation of Microsoft Exchange Server vulnerabilities"

tony101 — Wed, 14 Apr 2021 02:43:48 +0000

It is not a crime because they had a search warrant signed by a judge. https://www.justice.gov/opa/press-release/file/1386631/downl...

New comment by tony101 in "Effort to disrupt exploitation of Microsoft Exchange Server vulnerabilities"

tony101 — Wed, 14 Apr 2021 02:42:00 +0000

No. "This warrant authorizes the use of remote access techniques to search the electronic storage media identified in Attachment A and to seize and copy from the electronic storage media identified in Attachment A the web shells, used by actors to communicate with and distribute files to victim computers to infect them with malware, as evidence and/or instrumentalities of the computer fraud and conspiracy in violation of Title 18, United States Code, Sections 1030(a)(2) (theft from a protected computer), 1030(a)(5)(A) (damage to a protected computer) and 371 (conspiracy). This authorization includes the use of remote access techniques to access the web shells and issue commands through the web shells to the software running on the electronic storage media to delete the web shells themselves.

This warrant does not authorize the seizure of any tangible property. Except as provided above, this warrant does not authorize the seizure or copying of any content from the electronic storage media identified in Attachment A or the alteration of the functionality of the electronic storage media identified in Attachment A."

https://www.justice.gov/opa/press-release/file/1386631/downl...

New comment by tony101 in "Effort to disrupt exploitation of Microsoft Exchange Server vulnerabilities"

tony101 — Wed, 14 Apr 2021 02:40:20 +0000

Indeed, there is a search warrant signed by a judge: https://www.justice.gov/opa/press-release/file/1386631/downl...

See pages 18 to 21.

New comment by tony101 in "Effort to disrupt exploitation of Microsoft Exchange Server vulnerabilities"

tony101 — Wed, 14 Apr 2021 02:39:02 +0000

Warrant signed by judge: https://www.justice.gov/opa/press-release/file/1386631/downl...

See pages 18 to 21.

This is a search. Specifically, the web shells are (1) evidence of a crime, (2) contraband, fruits of crime, or other items illegally possessed, and (3) property designed for use, intended for use, or used in committing a crime. Any one of these three would be a valid basis for a search warrant.

New comment by tony101 in "Effort to disrupt exploitation of Microsoft Exchange Server vulnerabilities"

tony101 — Wed, 14 Apr 2021 02:36:34 +0000

Warrant signed by judge: https://www.justice.gov/opa/press-release/file/1386631/downl...

See pages 18 to 21.