Hi Dougie,
Thank you for your help :-)
Kind regards,
Alex
Le jeu. 13 août 2020 à 16:06, douglasrankine <douglasrankine@xxxxxxxxxxx> a
écrit :
Hi Alex,
Go to url: https://www.freelists.org/list/cryptome
Put in the email address you subscribed with in the email box:
akepessy@xxxxxxxxx
Go to the box below where you will see a box saying <subscribe>
Select that box, which has a drop down list and select what you want to do.
Select <I am not a robot> and tick the box.
Select <next> and click on it...You should then receive an email which
will tell you that you have successfully taken the action which you wanted.
Any problems, please let me or the list know...
ATB,
Dougie.
On 13/08/2020 14:32, Alex Basskep wrote:
Hi Doug,
Do you know how to unsubscribe email notifications please ? I tried
several times but i still receive 15 emails per day...
Thanks for your help.
Kind regards,
Alex
Le jeu. 13 août 2020 à 14:16, douglasrankine <douglasrankine@xxxxxxxxxxx>
a écrit :
see url:
https://www.zdnet.com/article/in-one-click-amazon-alexa-could-be-exploited-for-theft-of-voice-history-pii-skill-tampering/
"Alexa...Alexa...Where are you, where have you gone?" "All over the
internet"...:-)
see full article for further information.
Quote<<<
Subdomains belonging to the service were found to be harboring CORS
errors and vulnerable to XSS attacks.
Amazon's Alexa voice assistant could be exploited to hand over user data
due to security vulnerabilities in the service's subdomains.
The smart assistant, which is found in devices such as the Amazon Echo
and Echo Dot -- with over 200 million shipments worldwide -- was
vulnerable to attackers seeking user personally identifiable information
(PII) and voice recordings.
Check Point Research said on Thursday that the security issues were
caused by Amazon Alexa subdomains susceptible to Cross-Origin Resource
Sharing (CORS) misconfiguration and cross-site scripting (XSS) attacks.
When Check Point first began examining the Alexa mobile app, the company
noticed the existence of an SSL mechanism that prevents traffic
inspection. However, the script used could be bypassed using the Frida
SSL universal unpinning script.
See also: Amazon's Q2: $4 billion spent on COVID-19 and still nets $5.2
billion
This led to the discovery of the app's misconfiguration of CORS policy,
which allowed Ajax requests to be sent from Amazon subdomains.
If a subdomain was found as vulnerable to code injection, an XSS attack
could be launched, and this was performed via track.amazon.com and
skillsstore.amazon.com.
>>>End of Quote
