Reddit climate "scientist" uses "critical thinking" & cartoons to fight "misinformation"

zyxzevn · 2020-02-25T18:33:03+00:00

Oh god. I did not know.

zyxzevn · 2020-02-25T15:28:08+00:00

Comedian: Ismo Leikola
From: https://imgur.com/gallery/3kHimxR

zyxzevn · 2020-02-24T22:53:54+00:00

Moving towards China style censorship.

But I think it is distracting from the fake quarantining of /The_Donald. And many other manipulations behind the scene.

Reddit is manipulating elections, directly. Just like Google (ABC). But need to be silent about it, so they hide it behind algorithms and "incidents".
I wonder if Veritas could find some more info..

There is also a lot of fake news around "Russian bots". Most of them turn out to be Democrats- bots or political concerned citizens.

Most manipulation is done by US Organisations (and Israel) that want to push a certain narrative. I did not forget "Correct The Record", or "The Lobby", or "Iraq WMDs".

zyxzevn · 2020-02-24T15:39:03+00:00

Quick copy/paste to preserve some of the history..

Vulnerabilities we discovered

In our analysis of PayPal’s mobile apps and website UI, we were able to uncover a series of significant issues. We’ll explain these vulnerabilities from the most severe to least severe, as well as how each vulnerability can lead to serious issues for the end user.

#1 Bypassing PayPal’s two-factor authentication (2FA)

Using the current version of PayPal for Android (v. 7.16.1), the CyberNews research team was able to bypass PayPal’s phone or email verification, which for ease of terminology we can call two-factor authentication (2FA). Their 2FA, which is called “Authflow” on PayPal, is normally triggered when a user logs into their account from a new device, location or IP address. How we did it

In order to bypass PayPal’s 2FA, our researcher used the PayPal mobile app and a MITM proxy, like Charles proxy. Then, through a series of steps, the researcher was able to get an elevated token to enter the account. (Since the vulnerability hasn’t been patched yet, we can’t go into detail of how it was done.) token values with permisions

The process is very simple, and only takes seconds or minutes. This means that attackers can gain easy access to accounts, rendering PayPal’s lauded security system useless.

What’s the worst case scenario here?

Stolen PayPal credentials can go for just $1.50 on the black market. Essentially, it’s exactly because it’s so difficult to get into people’s PayPal accounts with stolen credentials that these stolen credentials are so cheap. PayPal’s authflow is set up to detect and block suspicious login attempts, usually related to a new device or IP, besides other suspicious actions.

But with our 2FA bypass, that security measure is null and void. Hackers can buy stolen credentials in bulk, log in with those credentials, bypass 2FA in minutes, and have complete access to those accounts. With many known and unknown stolen credentials on the market, this is potentially a huge loss for many PayPal customers. PayPal’s response

We’ll assume that HackerOne’s response is representative of PayPal’s response. For this issue, PayPal decided that, since the user’s account must already be compromised for this attack to work, “there does not appear to be any security implications as a direct result of this behavior.” HackerOne's muted response to the PayPal 2FA bypass

Based on that, they closed the issue as Not Applicable, costing us 5 reputation points in the process.

#2 Phone verification without OTP

Our analysts discovered that it’s pretty easy to confirm a new phone without an OTP (One-Time Pin). PayPal recently introduced a new system where it checks whether a phone number is registered under the same name as the account holder. If not, it rejects the phone number. How we did it

When a user registers a new phone number, an onboard call is made to api-m.paypal.com, which sends the status of the phone confirmation. We can easily change this call, and PayPal will then register the phone as confirmed. editing phone number on paypal account

The call can be repeated on already registered accounts to verify the phone. What’s the worst case scenario here?

Scammers can find lots of uses for this vulnerability, but the major implication is unmissable. By bypassing this phone verification, it will make it much easier for scammers to create fraudulent accounts, especially since there’s no need to receive an SMS verification code. PayPal’s response

Initially, the PayPal team via HackerOne took this issue more seriously. However, after a few exchanges, they stopped responding to our queries, and recently PayPal itself (not the HackerOne staff) locked this report, meaning that we aren’t able to comment any longer.

#3 Sending money security bypass

PayPal has set up certain security measures in order to help avoid fraud and other malicious actions on the tool. One of these is a security measure that’s triggered when one of the following conditions, or a combination of these, is met:

You’re using a new device
You’re trying to send payments from a different location or IP address
There’s a change in your usual sending pattern
The owning account is not “aged” well (meaning that it’s pretty new)

When these conditions are met, PayPal may throw up a few types of errors to the users, including:

“You’ll need to link a new payment method to send the money” 
“Your payment was denied, please try again later”

How we did it

Our analysts found that PayPal’s sending money security block is vulnerable to brute force attacks. What’s the worst case scenario here?

This is similar in impact to Vulnerability #1 mentioned above. An attacker with access to stolen PayPal credentials can access these accounts after easily bypassing PayPal’s security measure. PayPal’s response

When we submitted this to HackerOne, they responded that this is an “out-of-scope” issue since it requires stolen PayPal accounts. As such, they closed the issue as Not Applicable, costing us 5 reputation points in the process.

#4 Full name change

By default, PayPal allows users to only change 1-2 letters of their name once (usually because of typos). After that, the option to update your name disappears.

However, using the current version of PayPal.com, the CyberNews research team was able to change a test account’s name from “Tester IAmTester” to “christin christina”. It was pretty easy to change our test account's name, bypassing PayPal's name change security How we did it

We discovered that if we capture the requests and repeat it every time by changing 1-2 letters at a time, we are able to fully change account names to something completely different, without any verification.

We also discovered that we can use any unicode symbols, including emojis, in the name field. What’s the worst case scenario here?

An attacker, armed with stolen PayPal credentials, can change the account holder’s name. Once they’ve completely taken over an account, the real account holder wouldn’t be able to claim that account, since the name has been changed and their official documents would be of no assistance. PayPal’s response

This issue was deemed a Duplicate by PayPal, since it had been apparently discovered by another researcher.

#5 The self-help SmartChat stored XSS vulnerability

PayPal’s self-help chat, which it calls SmartChat, lets users find answers to the most common questions. Our research discovered that this SmartChat integration is missing crucial form validation that checks the text that a person writes. PayPal's SmartChat stored XSS vulnerability How we did it

Because the validation is done at the front end, we were able to use a man in the middle (MITM) proxy to capture the traffic that was going to Paypal servers and attach our malicious payload. What’s the worst case scenario here?

Anyone can write malicious code into the chatbox and PayPal’s system would execute it. Using the right payload, a scammer can capture customer support agent session cookies and access their account.

With that, the scammer can log into their account, pretend to be a customer support agent, and get sensitive information from PayPal users. PayPal’s response

The same day that we informed PayPal of this issue, they replied that since it isn’t “exploitable externally,” it is a non-issue. However, while we planned to send them a full POC (proof of concept), PayPal seems to have removed the file on which the exploit was based. This indicates that they were not honest with us and patched the problem quietly themselves, providing us with no credit, thanks, or bounty. Instead, they closed this as Not Applicable, costing us another 5 points in the process.

6 Security questions persistent XSS

This vulnerability is similar to the one above (#5), since PayPal does not sanitize its Security Questions input. How we did it

Because PayPal’s Security Questions input box is not validated properly, we were able to use the MITM method described above.

Here is a screenshot that shows our test code being injected to the account after refresh, resulting in a massive clickable link: PayPal's security questions persistent XSS What’s the worst case scenario here?

Attackers can inject scripts to other people’s accounts to grab sensitive data. By using Vulnerability #1 and logging in to a user’s account, a scammer can inject code that can later run on any computer once a victim logs into their account.

This includes:

Showing a fake pop up that could say “Download the new PayPal app” which could actually be malware.
Changing the text user is adding. For example, the scammer can alter the email where the money is being sent.
Keylogging credit card information when the user inputs it.

There are many more ways to use this vulnerability and, like all of these exploits, it’s only limited by the scammer’s imagination. PayPal’s response

The same day we reported this issue, PayPal responded that it had already been reported. Also on the same day, the vulnerability seems to have been patched on PayPal’s side. They deemed this issue a Duplicate, and we lost another 5 points.

zyxzevn · 2020-02-22T16:12:05+00:00

2020, February 22nd
The Monstrous Lie Behind CrowdStrike

zyxzevn · 2020-02-22T03:47:08+00:00

Full retard nonsense again.
Russia Helping Bernie's Campaign? Or Establishment Liars Wanting To Smear Him? - Jason Bermas
But the American public will need 4 years of investigations to find out the obvious.

zyxzevn · 2020-02-21T00:09:39+00:00

Longer Bitchute version: https://www.bitchute.com/video/ura8fSVpDL8E/

zyxzevn · 2020-02-21T00:03:11+00:00

Collarteral Murder Video

Watched it an hour ago. Blocked already. Found a Bitchute version:
https://www.bitchute.com/video/ura8fSVpDL8E/

zyxzevn · 2020-02-20T03:24:38+00:00

Article has been edited.
WaPo Claims Elites Should Run Elections; Quietly Edits Article After Public Outrage Ensues

zyxzevn · 2020-02-19T16:41:15+00:00

Chinese hackers can also hack Tesla autopilot to drive into oncoming traffic.
https://www.rt.com/news/455341-chinese-hackers-tesla-autopilot/
This has probably been used by the CIA to take out Putin's bodyguard.

zyxzevn · 2020-02-19T14:36:33+00:00

Newsguard is propaganda tool.

Addition: Those are very biased organisations that determine what is a correct and what is not.
They use this power to push certain narratives that fit their organisation's politics. One of the known organisations is the Atlantic Council that is also spreading made up news to give their targetted opponents a bad name.

zyxzevn · 2020-02-19T00:55:06+00:00

Heat is not the problem.
The plasma inside the cells are reacting to the electromagnetic waves.
Like a grape in a microwave.
https://www.youtube.com/watch?v=wCrtk-pyP0I

The ions are conducting the electricity, which causes the enormous radiant plasma. The plasma inside the cells are ions contained in water and have a far less violent reaction.

In studies, we can indeed see that ions are pushed through membranes inside the cell, and are able to damage the cell. But this is only the surface of all the biochemistry that happening inside cells and the body.

These hazards are not looked at by standards that were introduced by the navy, that used big radar systems that made some people get radar-injuries. That way the injuries seemed avoided. These standards were never changed to deal with bio-electrochemistry and long term exposure.

For peer reviewed research and other info see: http://www.microwavenews.com

zyxzevn · 2020-02-18T14:42:13+00:00

Backup link: https://i.imgur.com/Spiw2mB.jpg

zyxzevn · 2020-02-18T02:25:41+00:00

The servers get a "do not track" flag from the browser.
But this may interest the FBI/etc to look at what you don't want to be tracked.

zyxzevn · 2020-02-17T20:47:00+00:00

Peach Farmer Bill Bader Beats Bayer (Monsatan)

zyxzevn · 2020-02-17T17:08:40+00:00

Cat Food Deduction seems ok.
Free food for all cats!!!

Note: I think the list misses some of the more evil tax loopholes that billionaires use.

zyxzevn · 2020-02-15T23:36:09+00:00

They were ISIS all along, even when the USA was arming them. Working together with Al Qaeda/ Al Nusra who got popular in the media as the white helmets with all of their staged videos.

Note: The US seems to fight them, but before bombing starts of ISIS places, the USA sends helicopters to evacuate their ISIS fighters. Unknown to the pilots they are bombing the hostages and witnesses. Some of the training of ISIS and Al Queda takes place in the US by the CIA. They are there to keep the war going, to harvest poppies and to harvest organs.

There are many trillions going into this business. How many psychopaths would not kill a some folks for a million?

zyxzevn · 2020-02-15T20:18:49+00:00

Additional info:
Single-photon emission from single-electron transport in a SAW-driven lateral light-emitting diode

While the article claims how they got single photon emissions, the article shows how they use a radio-transmission.
The electromagnetic waves in the transmission have a saw like structure.

They tune it in a way that the receiver only receives EM-energy in cycles, and these cycles are called "photons". The cycles seem directly related to the threshold of the receiver.

The article argues that the receiver only gets photons, because the energy should not be received in cycles if it was purely electromagnetism. But they do not know about any threshold.

In my short read, it seems to me that in figure 3, the threshold fills up, and then goes back to zero in a clear cycle.

But research like this is interesting, and more specialized experiments might reveal more physics.

zyxzevn · 2020-02-15T15:37:02+00:00

A cannon is pretty worthless.
But I think the real weapons of all nations are still top secret.

zyxzevn · 2020-02-14T17:06:51+00:00

Europe had been doing fine, until all the immigrants were invading.
Pushed by Soros, Israel and the US.

We even have/had a functional democracy, until the EU system became lobby based.

Note: I can not see the website, probably because it wants to track my personal data for NSA (Google) and CIA (Facebook).
Note2: All successful US companies are monopolies sponsored by the state.

zyxzevn · 2020-02-14T04:59:48+00:00

Fear of the natural based moon calender. Based on the damnation of older cultures by the Catholic church.

The church also closed off ancient holy sites, or build churches on top of them.
They could not remove the solstice, so we got Christmas instead. And Easter to replace the spring festivities.

zyxzevn · 2020-02-13T20:24:46+00:00

Found on reddit: Everyone disliked that

zyxzevn · 2020-02-13T13:46:16+00:00

Politicians like Wiener.

zyxzevn · 2020-02-13T04:15:45+00:00

".. TRIGGERED!"

zyxzevn · 2020-02-13T00:02:31+00:00

You mean that it is considered a crime by those in power.

zyxzevn · 2020-02-13T00:00:59+00:00

Ok. You argument is: Truth gets you killed.

zyxzevn · 2020-02-12T19:04:31+00:00

Jason Bermas explains the problem of this new strategy.

The russia-hoax is being used to setup much more than a cold cyber war. It will be a war against whistleblowers and organisations like wikileaks. The report pretends that Trump was elected by the Russians. And that the problems in our society are produced by whistleblowers, journalists and foreign intelligence. It will be signed by Trump..

The problems that are directly caused by CIA and Mossad involvement, are blamed on everyone that opposes them. That may be everyone on this website. Or anyone who is intelligent.

zyxzevn · 2020-02-12T13:19:16+00:00

Since when does Bernie openly support Wkileaks?
Would be great if he did, though.

zyxzevn · 2020-02-11T18:58:10+00:00

Joining me today is Vanessa Beeley, an independent investigative journalist and photographer who has worked extensively in the Middle East – on the ground in Syria, Egypt, Iraq and Palestine, and has covering the conflict in Yemen since 2015. In 2018, Vanessa was named one of the 238 most respected journalists in the UK by the British National Council for the Training of Journalists. In 2019, Vanessa was among the recipients of the Serena Shim Award for uncompromising integrity in journalism. Today we are discussing Syria, Idlib and the wall of propaganda surrounding all of it.

Her YT - https://www.youtube.com/channel/UCqySDfPcmKYq6oUeC03y57A

zyxzevn · 2020-02-11T13:26:53+00:00

Far too much for those minor crimes, like obstructing a hoax.
I would probably have said to the investigators to go fuck themselves.

zyxzevn · 2020-02-11T13:01:03+00:00

On Feb. 10, Abby Martin filed a lawsuit in federal court challenging a Georgia law requiring all independent contractors to sign a pro-Israel pledge, promising to not participate or advocate the Boycott, Divestment and Sanctions movement against Israeli crimes.

Abby is working with two renowned civil rights organizations, the Council on American-Islamic Relations (CAIR) and The Partnership for Civil Justice Fund (PCJF).

This is Qalqiliyaa, where 100,000 Palestinians live surrounded by an Israeli wall from three sides. The fourth side is controlled by a gate that can be closed by an Israeli soldier at any time. History repeats itself. https://www.reddit.com/r/conspiracy/comments/f1mrdh/this_is_qalqiliyaa_where_100000_palestinians_live/

the city has 4 main exits:

Nablus street exit: narrow, but is still open. It's a one lane per line street which has an Israeli checkpoint right on the outside of the city. This is the one where Israeli soldiers go and block for training. Toulkarm street exit: has been blocked for +30 years. Only workers with permission can go, and only without cars. Habla street exit: one lane per line street. Has a barrier which closes it at any given moment. Habla alternative exit: fairly recently opened and can be closed at any given point. the population is not allowed to grow as it could because the city is surrounded by the racial separation wall and therefore people are unable to expand. Furthermore, the northern parts of the city (on the left in this photo) are farmlands which farmers are only allowed to use for farming. They are not allowed to build houses there in their own lands. If they do, they are brought down quickly. The closest thing to a house they can build in these areas is a one story building where the roof can not be concrete and therefore you cannot build more stories if you want to.

During protests, snipers try to hit the knees to injure them for life.
For fun(?) they sometimes wear double kill t-shirts that show them killing pregnant women.

But in the US it is forbidden to speak about it.

zyxzevn · 2020-02-10T21:07:50+00:00

EU #0
China #-1

zyxzevn · 2020-02-10T15:34:05+00:00

Just let it go past 12, and surprise..
..there is another day.

zyxzevn · 2020-02-10T00:07:38+00:00

Sadly, the US pentagon (+deep state) is the reason we still have a cold war with Russia.

Addition: The Pentagon $35 Trillion 'Accounting Black Hole' causes a huge debt and has created immense dark money market.

zyxzevn · 2020-02-09T18:28:16+00:00

The image is from a pulsar signal
https://en.wikipedia.org/wiki/Unknown_Pleasures
These pulsars were even called "little green men" for a short while ( video ).

zyxzevn · 2020-02-09T17:33:05+00:00

More discussion on reddit here:
(/r/DeclineIntoCensorship)
https://www.reddit.com/r/DeclineIntoCensorship/comments/f188b0/rwatchredditdie_rogue_mod/

zyxzevn · 2020-02-09T14:54:18+00:00

It is funny how the most people that attack these whistleblowers,
have no problem to protest against Hong Kong sending a brutal criminal to prison in another country.

Whistleblowing should never be a crime. And there should be millions out in the street to protest.

Assange:
If wars can be started by lies, they can be stopped by truth.

zyxzevn · 2020-02-09T14:46:35+00:00

I hope this spreads and will help Assange to be released.

zyxzevn · 2020-02-08T21:48:28+00:00

The US biological testing or attack?

The PNAC Plan For Ethnically-Focused Bioweapons & US Gov's History Of Testing On Unwitting Citizens
The Last American Vagabond
https://www.bitchute.com/video/GIZJXby_hBc/

Full episode on YT
Israel Used Civilian Plane As Cover, Killing 23 & US Contractor Was Killed By ISIS Rocket, Not Iran

zyxzevn

MODERATOR OF

6 Security questions persistent XSS