Categories
Alvosec

How to format USB drive to the NTFS file system (Linux)

You can format a USB drive to the NTFS file system on Debian Linux using the following steps:

  1. Insert your USB drive into your Debian computer.
  2. Open a terminal window by pressing Ctrl + Alt + T.
  3. Type the following command to list all the available disks on your system:

sudo fdisk -l

  4. Identify your USB drive from the output of the command. It will be listed as a device with a name like /dev/sdb or /dev/sdc.
  5. Once you have identified your USB drive, unmount it by typing the following command:

sudo umount /dev/sdb1

Note: Replace /dev/sdb1 with the appropriate device name for your USB drive.

  6. Next, you can format your USB drive to the NTFS file system by typing the following command:

sudo mkfs.ntfs -f /dev/sdb1

Note: Again, replace /dev/sdb1 with the appropriate device name for your USB drive.

  7. Wait for the formatting process to complete.
  8. Once the formatting process is complete, you can safely remove the USB drive by typing the following command:

sudo eject /dev/sdb1

Your USB drive will now be formatted to the NTFS file system and will be able to accept files larger than 4GB.
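The steps above trust you to type the right device name; one wrong letter formats an internal disk. The following preflight script, added here as an example and not part of the original post, refuses to run mkfs.ntfs unless the target is a partition, is not on the disk holding "/", and is flagged removable by the kernel. The /proc/mounts sample and device names are constructed, and the function names are this example's own.

```python
"""Preflight checks for the umount / mkfs.ntfs / eject steps above (added example, not from the
post; the sample /proc/mounts text and device names are constructed, the function names our own)."""
import re
import subprocess
from pathlib import Path

# Partition names this example understands: /dev/sdb1, /dev/nvme0n1p2, /dev/mmcblk0p1
PART_RE = re.compile(r"^/dev/(?P<disk>sd[a-z]+|nvme\d+n\d+|mmcblk\d+)p?\d+$")
# Constructed sample of /proc/mounts; the second entry has a space escaped as \040.
SAMPLE_MOUNTS = ("/dev/sda2 / ext4 rw,relatime 0 0\n"
                 "/dev/sdb1 /media/user/My\\040Stick fuseblk rw 0 0\n")

def parent_disk(dev):
    """'/dev/sdb1' -> 'sdb'; ValueError for names PART_RE does not match."""
    m = PART_RE.match(dev)
    if not m:
        raise ValueError(f"unsupported partition device name: {dev}")
    return m.group("disk")

def mount_fields(mounts_text, column, value):
    """First /proc/mounts entry whose column (0 = source, 1 = target) equals value."""
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[column] == value:
            return fields
    return None

def mounted_at(dev, mounts_text):
    """Mount point of dev (with \\040 unescaped), or None if it is not mounted."""
    entry = mount_fields(mounts_text, 0, dev)
    return entry[1].replace("\\040", " ") if entry else None

def root_disk(mounts_text):
    """Disk holding '/', e.g. 'sda'; None if '/' is not a plain partition (LVM, NFS, ...)."""
    entry = mount_fields(mounts_text, 1, "/")
    return parent_disk(entry[0]) if entry and PART_RE.match(entry[0]) else None

def format_usb_ntfs(dev, label="USBDRIVE"):
    """Run the page's steps only after the target passes every check above."""
    mounts = Path("/proc/mounts").read_text()
    disk = parent_disk(dev)
    if disk == root_disk(mounts):
        raise RuntimeError(f"refusing to format {dev}: it is on the root disk")
    # The kernel flags USB sticks as removable; internal disks normally are not.
    if Path("/sys/block", disk, "removable").read_text().strip() != "1":
        raise RuntimeError(f"refusing to format {dev}: {disk} is not flagged removable")
    if mounted_at(dev, mounts):
        subprocess.run(["sudo", "umount", dev], check=True)
    subprocess.run(["sudo", "mkfs.ntfs", "-f", "-L", label, dev], check=True)
    subprocess.run(["sudo", "eject", dev], check=True)
```

Call `format_usb_ntfs("/dev/sdb1")` from a root-capable shell; whole-disk names such as /dev/sdb are rejected on purpose, since the page's procedure formats a partition.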


Don’t blur sensitive information

In today’s digital age, privacy is a critical concern. Many individuals and organizations use blurring techniques to conceal sensitive information in images or videos, such as faces, license plates, or credit card numbers. However, blurring can compromise the clarity and quality of the content, making it difficult to identify relevant details or recognize faces.

Fortunately, there are alternative techniques to protect sensitive information without blurring it. For example, redaction involves covering the sensitive area with a solid color or pattern, ensuring that the content remains visible and legible while obscuring the sensitive information. This technique is commonly used in government documents to protect classified information.

Incorrectly redacting sensitive information on an image can still result in its exposure.

https://twitter.com/alvosec/status/1644066570002485256

However, it’s essential to remember that blurring, redaction, or pixelization may not always provide full protection against privacy breaches. Advanced image processing techniques, such as deblurring or de-pixelation algorithms, can recover the original content from blurred or pixelated images. Therefore, it’s crucial to evaluate the risk of privacy breaches and consider additional measures, such as encryption or access control, to ensure data protection.
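A small constructed illustration of the point above, added here as an example and not part of the original post: each obscuring method is applied to two different hidden "secrets" and we count how many output pixels still differ. Blur, pixelation and a not fully opaque overlay (the incorrect redaction mentioned above) produce different outputs for different inputs, so the output still carries information about what was hidden; only replacing the pixels outright yields zero.

```python
"""Why blur, pixelation and a translucent overlay still leak what they hide while a solid
fill does not (added example, not from the original post). Images are tiny constructed
grayscale grids (lists of rows, values 0-255), so no imaging library is needed."""

# Two constructed 4x6 glyph-like secrets (255 = ink, 0 = background): a "1" and a "7".
SECRET_A = [[0, 0, 255, 0, 0, 0], [0, 255, 255, 0, 0, 0],
            [0, 0, 255, 0, 0, 0], [0, 255, 255, 255, 0, 0]]
SECRET_B = [[255, 255, 255, 255, 0, 0], [0, 0, 0, 255, 0, 0],
            [0, 0, 255, 0, 0, 0], [0, 255, 0, 0, 0, 0]]

def box_blur(img, radius=1):
    """Mean of the (2r+1)x(2r+1) neighbourhood, clipped at the border."""
    h, w = len(img), len(img[0])
    out = [[0] * w for _ in range(h)]
    for y in range(h):
        for x in range(w):
            ys = range(max(0, y - radius), min(h, y + radius + 1))
            xs = range(max(0, x - radius), min(w, x + radius + 1))
            vals = [img[j][i] for j in ys for i in xs]
            out[y][x] = sum(vals) // len(vals)
    return out

def pixelate(img, block=2):
    """Replace every block x block cell by its mean value."""
    h, w = len(img), len(img[0])
    out = [row[:] for row in img]
    for y0 in range(0, h, block):
        for x0 in range(0, w, block):
            cell = [(y, x) for y in range(y0, min(h, y0 + block)) for x in range(x0, min(w, x0 + block))]
            mean = sum(img[y][x] for y, x in cell) // len(cell)
            for y, x in cell:
                out[y][x] = mean
    return out

def overlay(img, alpha=0.9):
    """A 90 % opaque black box drawn on top: the original still shows through."""
    return [[int(v * (1 - alpha)) for v in row] for row in img]

def solid_fill(img, value=0):
    """Real redaction: the pixel data is replaced, not mixed with the original."""
    return [[value] * len(row) for row in img]

def leak_score(obscure):
    """Number of output pixels that still depend on which secret was hidden (0 = no leak)."""
    a, b = obscure(SECRET_A), obscure(SECRET_B)
    return sum(pa != pb for ra, rb in zip(a, b) for pa, pb in zip(ra, rb))
```

The same holds for real images: a solid fill that is saved over the original pixels (not a separate layer, and not an overlay with any transparency) is the only method whose output is independent of the content it covers.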

Recovering blurred image

Using simple deep learning tools, the three-person team was able to identify obfuscated faces and numbers with alarming accuracy. On an industry standard dataset where humans had 0.19% chance of identifying a face, the algorithm had 71% accuracy (or 83% if allowed to guess five times). The algorithm doesn’t produce a deblurred image – it simply identifies what it sees in the obscured photo, based on information it already knows. The approach works with blurred and pixelated images, as well as P3, a type of JPEG encryption pitched as a secure way to hide information.

Specialized tools for seeing through blur and pixelation have been popping up throughout this year, like the Max Planck Institute’s work on identifying people in blurred Facebook photos. What distinguishes the UT and Cornell research is its simplicity. The attack uses Torch (an open-source deep learning library), Torch templates for neural networks, and standard open-source data. (source: University of California)

Even photos obscured by YouTube’s blur feature (center, right) can be recognized.

Recovering pixelize passwords

There are many tools for recovering passwords from pixelized screenshots. One such tool is depix. Its author stated:

“Pixelization is used in many areas to obfuscate information in images. I’ve seen companies pixelize passwords in internal documents. No tools were available for recovering a password from such an image, so I created one. This article covers the algorithm and similar research on depixelization.”

Here is a video presentation of depixelization:

Google Maps blurring can fail

The blurring protection implemented by Google Maps on its images may occasionally prove to be ineffective, especially when attempting to view a blurred object from different angles.

Final word

Blurring may seem like a simple way to hide sensitive information, but it’s not secure for protecting privacy. Alternatives like redaction or pixelation can better obscure sensitive details while keeping other parts of the content clear. However, these methods still have limitations and risks, so it’s essential to apply additional safeguards to ensure data privacy and security.


Fake Online Stores: When the temptation of cheapness results in costliness!

Last year, our team conducted an extensive investigation of fake online stores, which are becoming increasingly common on the Internet. At the beginning of the analysis, we noticed that some products are being advertised on social networks or even through Google ads.

First, we tried to collect as many fake online stores as possible, compare them with legitimate ones, and identify all indicators that specifically suggest fraud or, in our case, a fake online store.

Next, using unique file names and urlscan.io, we obtained a larger database of fake online stores.

A part of the database includes:


The entire database is available on our cloud system: here.

Among the collected data, we noticed that the stores are managed with the ZenCart or Magento system.

From the very beginning, everything indicated that a well-organized criminal group operating from China was behind them. They owned hundreds of servers and domains and ran paid advertising campaigns that promoted fake cheap products.

The next day, we continued the investigation by analyzing the mail server, which was rented from the Russian company Yandex. We discovered several email addresses, and we also sent a message to one of them in the hope of collecting more information. In the picture below, you can see our message and a link to one of their online stores.

With further research, we discovered an open redirect flaw on the mentioned website, which also allowed us to conceal a redirect to our own server. The hex-encoded form of our server’s IP address is what follows the URL parameter &goto=. For example, if you click on the link http://0x8efaba4e, your browser will redirect you to google.com.
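The defensive counterpart to that flaw, added here as an example (not the store's code, which we do not have): a redirect handler that follows a goto value only when it is a plain same-site path, plus a helper that turns a host written as a single hex number, like the one in the link above, back into a dotted IP so an analyst can see where such a link really points. The function names are this example's own.

```python
"""Defensive handling of a ``goto`` redirect parameter (added example, not the store's
code; function names are this example's own). Only same-site relative paths are followed;
absolute URLs, including hosts written as one hex number like the link above, are dropped."""
import ipaddress
from urllib.parse import unquote, urlsplit

def decode_numeric_host(host):
    """Dotted-quad text for a host written as a single hex (0x..) or decimal number, else None."""
    try:
        n = int(host, 0)  # base 0 accepts '0x8efaba4e' as well as plain decimal
    except (TypeError, ValueError):
        return None
    return str(ipaddress.IPv4Address(n)) if 0 <= n < 2 ** 32 else None

def redirect_host_info(goto):
    """(hostname, decoded dotted IP or None): what an analyst sees behind a goto value."""
    host = urlsplit(goto.strip()).hostname or ""
    return host, decode_numeric_host(host)

def safe_redirect_target(goto, default="/"):
    """Return goto only when it is a plain same-site path; anything else yields default."""
    target = unquote(goto or "")
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in target):  # CR/LF etc.: header injection
        return default
    target = target.replace("\\", "/")  # browsers treat a backslash like a slash
    parts = urlsplit(target)
    if parts.scheme or parts.netloc:  # http://..., //host/..., javascript:, hex-IP hosts
        return default
    if not target.startswith("/") or target.startswith("//"):  # must be one absolute path
        return default
    return target
```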

We found out how the scammers work and what their technical infrastructure looks like, developed an algorithm for detecting new fake online stores, and identified what matters most to Internet users: the line that separates a fake online store from a legitimate one. We realized that we were dealing with a well-organized criminal group which, besides those 300 links, owns at least a couple of thousand fake online stores. The main goal of our research is to gather as much information as possible and to warn and educate users based on what we have learned throughout the research.

What can happen if you buy a product through a fake online store?

In one case, we tried to pay with a generated (fake) credit card and found that the card data is sent to the server unprotected, in plain text. This means that your bank account may be at risk.

The card number, CVV, and expiration date.

Some websites contained suspicious background files of the kind often found on websites that spread malware, so we recommend avoiding such websites.

How to recognize a fake online store?

  1. Incredibly low prices

The first sign of fraud is an incredibly low price. If it sounds too good to be true, it usually is a fraud. Most of the online stores we analyzed offered products that were far too cheap; this is how they try to convince the user to buy.

  2. Insufficient contact information

Every online store must provide information about the company and contact details, such as the company name and address, country, phone number, email address, etc. Our research showed that most fake sites do not provide enough contact information.

  3. User reviews

User reviews shown on the website itself are fake, so always check on other sites. In our case, most websites had no social network accounts, or used a foreign social network account with a similar name. We have also seen cases where fraudsters buy a domain with a very similar name: the domain of the fake online store is smithdesing.it, while the domain of the legitimate online store is smithdesign.com.

This works because the human mind does not read a word letter by letter, but processes it as a whole.

  4. Unclear product return policy

Fake online stores often have an unclear policy regarding product returns and refunds.

  5. Today’s fake online stores look attractive and use HTTPS

Don’t be misled by an online store using HTTPS: our research showed that almost 90% of such online stores use SSL. Pay attention to every detail, as fraudsters constantly improve their deception methods.
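The five signs above turned into a scoring routine, added here as an example; this is not the detection algorithm the research team built, and the allow-list of legitimate stores, the thresholds and the sample store record are constructed. The lookalike check uses edit distance between the registered names, which is what catches smithdesing.it against smithdesign.com; the domain split is naive and ignores multi-part suffixes such as co.uk.

```python
"""Score a store against the five signs above (added example, not the research team's
algorithm; the allow-list, thresholds, sample record and naive domain split are constructed)."""

KNOWN_STORES = ["smithdesign.com"]  # constructed allow-list of legitimate stores

def split_domain(domain):
    """'www.smithdesing.it' -> ('smithdesing', 'it'); ignores multi-part suffixes like co.uk."""
    labels = domain.lower().strip().split(".")
    if labels and labels[0] == "www":
        labels = labels[1:]
    return labels[0], ".".join(labels[1:])

def edit_distance(a, b):
    """Levenshtein distance (insert / delete / substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(domain, known=KNOWN_STORES, max_distance=2):
    """Known store this domain imitates, or None (the real store itself is not flagged)."""
    name, suffix = split_domain(domain)
    for k in known:
        kname, ksuffix = split_domain(k)
        if (name, suffix) == (kname, ksuffix):
            return None
        if edit_distance(name, kname) <= max_distance:  # smithdesing.it vs smithdesign.com
            return k
    return None

def fraud_signals(store):
    """Signs a store record shows; price_ratio is the offered price over the usual retail price."""
    signals = []
    if store.get("price_ratio", 1.0) < 0.4:
        signals.append("incredibly low price")
    missing = [f for f in ("company", "address", "country", "phone", "email") if not store.get(f)]
    if len(missing) >= 2:
        signals.append("insufficient contact info: " + ", ".join(missing))
    if brand := lookalike_of(store["domain"]):
        signals.append("lookalike of " + brand)
    if not store.get("return_policy"):
        signals.append("no clear return policy")
    # HTTPS is deliberately not a trust signal: almost 90% of the fake stores used it.
    return signals

SAMPLE_STORE = {"domain": "smithdesing.it", "price_ratio": 0.2, "company": "", "address": "",  # constructed
                "country": "IT", "phone": "", "email": "info@example.invalid", "return_policy": ""}
```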

Conclusion

We are satisfied that we have achieved our goal because most websites have been shut down after we sent mass reports to hosting providers or registrars.

If you are not sure whether a website is safe for you, you can contact us, and we will advise you for free.

If you have bought something and only then realized that it is a fake store, contact your bank or credit card company immediately and report the fraud.


How to secure website using Let’s Encrypt

Certbot is part of EFF’s effort to encrypt the entire Internet. Secure communication over the Web relies on HTTPS, which requires the use of a digital certificate that lets browsers verify the identity of web servers (e.g., is that really google.com?). Web servers obtain their certificates from trusted third parties called certificate authorities (CAs). Certbot is an easy-to-use client that fetches a certificate from Let’s Encrypt—an open certificate authority launched by the EFF, Mozilla, and others—and deploys it to a web server.

Obtaining an SSL Certificate

To obtain an SSL certificate from Let’s Encrypt, you will need to install the Certbot client on your server. In our case we will use the default Ubuntu package repositories to install Certbot.

Apache:

sudo apt install certbot python3-certbot-apache

Nginx:

sudo apt install certbot python3-certbot-nginx

Run this command to get a certificate and have Certbot edit your web server configuration automatically to serve it, turning on HTTPS access in a single step.

Apache:

sudo certbot --apache -d example.com -d www.example.com

Nginx:

sudo certbot --nginx -d example.com -d www.example.com

Test automatic renewal

The Certbot packages on your system come with a cron job or systemd timer that will renew your certificates automatically before they expire. You will not need to run Certbot again, unless you change your configuration. You can test automatic renewal for your certificates by running this command:

sudo certbot renew --dry-run

You can also add the renewal as a cron job by running crontab -e:

@monthly certbot renew --post-hook "systemctl reload nginx"

Or for Apache (the Ubuntu service is named apache2):

@monthly certbot renew --post-hook "systemctl reload apache2"

Testing the HTTPS Connection

The next step is to confirm that your website is properly configured to use the new certificate and is accessible over HTTPS. To do this, navigate to your website in a web browser, making sure to specify the https:// protocol when entering your URL.

Always check your SSL grade and follow best practices to reach a higher level of security.

https://www.ssllabs.com/ssltest/

Use Current SSL/TLS Protocols (TLS 1.2 or 1.3)

SSLProtocol -all +TLSv1.3 +TLSv1.2

Choose secure cipher suites:

SSLCipherSuite "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-GCM-SHA384"

Always use HSTS:

Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"

You can check the suggestions from Cipherli.st or the Mozilla Intermediate Ciphers Recommendation.
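Before submitting a host to the SSL Labs test, the three directives above can be linted offline. The following checker is added here as an example; its rules and the two constructed config samples are this example's own, not Cipherli.st's or Mozilla's, and it simplifies Apache's SSLProtocol semantics (here "all" means every version in ALL_VERSIONS, and "+"/"-" add or remove one version). Note that it flags the two AES256-SHA384 suites in the list above as CBC suites.

```python
"""Lint the three Apache TLS settings above (added example; rules and the constructed samples
GOOD_CONFIG, mirroring the settings above, and WEAK_CONFIG, a weak vhost, are this example's own,
not Cipherli.st's or Mozilla's; 'all' here means every version in ALL_VERSIONS)."""
import re

ALL_VERSIONS = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3")
GOOD_CONFIG = '''SSLProtocol -all +TLSv1.3 +TLSv1.2
SSLCipherSuite "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305"
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"'''
WEAK_CONFIG = '''SSLProtocol all -SSLv3
SSLCipherSuite "AES128-SHA:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-GCM-SHA256"
Header set Strict-Transport-Security "max-age=300"'''

def directive(config, name):
    """Value of the first 'name ...' line with surrounding quotes stripped, or None."""
    m = re.search(rf"^\s*{re.escape(name)}\s+(.+?)\s*$", config, re.M)
    return m.group(1).strip('"') if m else None

def enabled_protocols(value):
    """Set of protocol versions an SSLProtocol value leaves enabled."""
    enabled = set()
    for tok in value.split():
        names = set(ALL_VERSIONS) if tok.lstrip("+-") == "all" else {tok.lstrip("+-")}
        enabled = enabled - names if tok.startswith("-") else enabled | names
    return enabled

def lint(config):
    """Findings for the protocol, cipher-suite and HSTS lines; an empty list passes."""
    findings = []
    old = enabled_protocols(directive(config, "SSLProtocol") or "all") - {"TLSv1.2", "TLSv1.3"}
    if old:
        findings.append("legacy protocols enabled: " + ", ".join(sorted(old)))
    for suite in (directive(config, "SSLCipherSuite") or "").split(":"):
        if suite and not suite.startswith(("ECDHE-", "DHE-")):
            findings.append(suite + ": no forward secrecy")
        elif suite and "GCM" not in suite and "CHACHA20" not in suite:
            findings.append(suite + ": CBC suite")
    hsts = directive(config, "Header") or ""  # assumes the first Header line is the HSTS one
    if "Strict-Transport-Security" not in hsts:
        findings.append("HSTS header missing")
        return findings
    if not hsts.startswith("always set"):
        findings.append("HSTS not sent on every response ('always' missing)")
    age = re.search(r"max-age=(\d+)", hsts)
    if not age or int(age.group(1)) < 31536000:  # one year
        findings.append("HSTS max-age below one year")
    if "preload" in hsts and "includeSubDomains" not in hsts:
        findings.append("preload requires includeSubDomains")
    return findings
```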


How to recover a lost or stolen iPhone, iPad, or iPod touch

If you have lost your iPhone, iPad, or iPod touch or suspect that it has been stolen, you can use Find My iPhone. This feature allows you to locate your device, notify the finder, or erase the data on your device.

Step 1

Look for your device on a map

To find your device, sign in to iCloud.com/find. Or use the Find My app on another Apple device that you own.

If your iPhone, iPad, or iPod touch doesn’t appear in the list of devices, Find My was not turned on. You can still protect your account even if Find My was not turned on.

Step 2

Mark as Lost

By marking your device as lost, you can secure your information by remotely locking it with a passcode. This action also deactivates Apple Pay on the missing device. Additionally, you have the option to showcase a customized message on the lost device that includes your contact information.

Step 3

Remotely erase your device

If you erase a device that had iOS 15, iPadOS 15, or later installed, you can still use Find My to locate the device or play a sound on it. Otherwise, you won’t be able to locate the device or play a sound after you erase it.

If you have AppleCare+ with Theft and Loss, do not remove the device from Find My or your Apple ID.

Step 4

Contact your wireless carrier

If the missing device is an iPhone or an iPad with cellular, it is recommended to notify your wireless carrier about the lost device. Request the carrier to deactivate your account so that no calls, texts, or data can be used on the device. Moreover, if your wireless carrier plan covers the lost device, you should file a claim.

Step 5

Protect your sensitive information

Change passwords for sensitive accounts and private keys of your crypto wallets: If you have any sensitive accounts or cryptocurrency wallets associated with your lost iPhone, it is essential to change the passwords immediately. This will prevent unauthorized access to your accounts and protect your digital assets. You should also consider transferring your cryptocurrency funds to a new wallet to ensure their safety.

Use a passcode and enable Find My app: It is important to use a passcode and enable the Find My app on your iPhone before it gets lost or stolen. This can help you locate your device and prevent others from accessing your personal information.


Beware of scammers who claim access to your wallet and offer video proof

Several NFT-related Twitter accounts have raised awareness about individuals posing as bad actors who send direct messages (DMs) claiming to have “access to their wallet.” In many cases they include a video as proof.

Since a new case of this particular scam was reported today, we have decided to provide further explanation about it, as it may not be familiar to many users.

Warning: Lack of awareness about this type of scam can leave users vulnerable to intimidation and extortion tactics by scammers.

https://twitter.com/BagHoldingNFTs/status/1629689051748892672

This is a message from the scammer to the user, attempting to extort 7 ETH, which is currently valued at $11,412 USD. Fortunately, this user was familiar with this particular scam and chose not to engage with the scammer’s attempt to extort cryptocurrency funds from him.

Explanation of scam

This type of scam relies on a wallet’s read-only (watch-only) mode. The scammers cannot send transactions from a wallet in watch-only mode, since they do not have your private key.

Here is an example video in which we demonstrate this using the vitalik.eth wallet in read-only mode.

As the popularity of cryptocurrencies continues to grow, so does the number of scams related to them. It is crucial to be aware of different types of scams and to take measures to protect your digital assets. One of the most important things you can do is to safeguard the private keys of your crypto wallets, as these are the keys that provide access to your funds.

Make sure to follow our blog, as we always publish new articles related to web3 security & privacy.