How to waste a day debunking someone else's scoop:
Someone forwarded me this recent story from Straight Arrow News (a publication I didn't previously know existed) which rather breathlessly claimed millions of cars were at risk from new custom firmware sold by a Russian hacker that would enable Flipper Zero users to unlock the doors and trunks of countless makes and models of different cars for a few hundred bucks. Basically, turn the Flipper into a sub-GHz repeater that can intercept and replay the radio signal sent out when someone presses their car key fob.
https://san.com/cc/millions-of-cars-at-risk-from-flipper-zero-key-fob-hack-experts-warn/
I was skeptical of this story because I recalled reading a blog post from Flipper last year after the Canadian government said it was going to ban Flippers. In response, Flipper Devices wrote:
"We are not aware of any officially confirmed cases of theft using a Flipper Zero. This is because the device has limited functionality and can't be used as a repeater to attack keyless entry systems. Flipper Zero is equipped with only one sub-1 GHz radio module, while keyless repeaters have 4 radio modules: one for communication with the car, another one for communication with the key fob, and two for communication between the repeaters."
https://blog.flipper.net/response-to-canadian-government/
It took several hours of questioning the Russian guy on Telegram for him to admit that using his firmware successfully requires additional radio units and other stuff not pictured in most of his sales videos.
https://www.youtube.com/@DjonixTV/videos
I asked him whether he was at all concerned that the Russian authorities might be interested in him, and he curtly replied that this was his concern, not mine. Later he asked why I'd asked this question.
It turns out, in one of his videos he replied to a comment by posting a Google Docs link to a spec and pricing sheet. Clicking "details" on the Google Docs file showed a username and author: [email protected]. Searching on this address in breach tracking services finds it is associated with multiple Russian government records saying the email belongs to a guy from Moscow named Danil Viktorovich Doragu who uses the phone number 79267824950. That phone number is tied to a Telegram account for user "r3df0xx," and a search on this username in Intel 471 finds Daniel has been selling custom firmware for Flipper devices for several years. Oh, and his LinkedIn profile includes a link to the GitHub account "DarkFlippers."





