Medicine

99.992% of Fully Vaccinated People Have Dodged COVID, CDC Data Shows (arstechnica.com) 143

An anonymous reader quotes a report from Ars Technica: Cases of COVID-19 are extremely rare among people who are fully vaccinated, according to a new data analysis by the Centers for Disease Control and Prevention. Among more than 75 million fully vaccinated people in the US, just around 5,800 people reported a "breakthrough" infection, in which they became infected with the pandemic coronavirus despite being fully vaccinated. The numbers suggest that breakthroughs occur at the teeny rate of less than 0.008 percent of fully vaccinated people -- and that over 99.992 percent of those vaccinated have not contracted a SARS-CoV-2 infection.

The figures come from a nationwide database that the CDC set up to keep track of breakthrough infections and monitor for any concerning signs that the breakthroughs may be clustering by patient demographics, geographic location, time since vaccination, vaccine type, or vaccine lot number. The agency will also be keeping a close eye on any breakthrough infections that are caused by SARS-CoV-2 variants, some of which have been shown to knock back vaccine efficacy. [...] The extraordinary calculation that 99.992 percent of vaccinated people have not contracted the virus may reflect that they all simply have not been exposed to the virus since being vaccinated. Also, there are likely cases missed in reporting. Still, the data is a heartening sign.
As for the "breakthroughs," the agency says many of them occurred in older people, who are more vulnerable to COVID-19. There are some scattered through every age group, but more than 40 percent were in people ages 60 and above.

"We see [breakthroughs] with all vaccines," top infectious disease expert Anthony Fauci said in a press briefing earlier this week. "No vaccine is 100 percent efficacious or effective, which means that you will always see breakthrough infections regardless of the efficacy of your vaccine."
Facebook

There's Another Facebook Phone Number Database Online (vice.com) 7

An online tool lets customers pay to unmask the phone numbers of Facebook users that liked a specific Page, and the underlying dataset appears to be separate from the 500 million account database that made headlines last week, signifying another data breach or large scale scraping of Facebook users' data, Motherboard reports. From the report: Motherboard verified the tool, which comes in the form of a bot on the social network and messaging platform Telegram, outputs accurate phone numbers of Facebook users that aren't included in the dataset of 500 million users. The data also appears to be different to another Telegram bot outputting Facebook phone numbers that Motherboard first reported on in January. "Hello, can you tell me how you got my number?" one person included in the dataset asked Motherboard when reached for comment. "Omg, this is insane," they added. Another person returned Motherboard's call and, after confirming their name, said "If you have my number then yes it seems the data is accurate."

A description for the bot reads "The bot give [sic] out the phone numbers of users who have liked the Facebook page." To use the bot, customers need to first identify the unique identification code of the Facebook Page they want to get phone numbers from, be that a band, restaurant, or any other sort of Page. This is possible with at least one free to use website. From there, customers enter that code into the bot, which provides a cost of the data in U.S. dollars and the option to proceed with the purchase, according to Motherboard's tests. A Page with tens of thousands of likes from Facebook users can cost a few hundred dollars, the bot shows. The data for Motherboard's own Page would return 134,803 results and cost $539, for example.

IT

Logitech Harmony Remote Controls Officially Discontinued (cepro.com) 77

CIStud writes: The rumors have persisted for some time, and now Logitech has officially confirmed it has discontinued its once-vaunted Harmony remote controls, including the line of Logitech Harmony Pro programmable remotes for custom installers. Logitech plans to continue maintaining the Harmony database and software. The discontinuation does not affect the operation or the warranty on any Harmony remotes being used by integrators' clients already in the field. Logitech also plans to continue to offer service and support for Harmony remotes. The company also points out that the decision does not affect a customer's ability to interface with the Harmony universal remotes via their Amazon Alexa or Google Assistant voice controls.
PHP

Git.PHP.net Not Compromised in Supply Chain Attack, but User Database Leak Possible (inside.com) 18

Inside.com's developer newsletter reports: The PHP team no longer believes the git.php.net server was compromised in a recent attack, which prompted PHP to move servers to GitHub and caused the team to temporarily put releases on hold until mid-April...

In an update offering further insight into the root cause of the late March attack, the team says because it's possible the master.php.net user database was exposed, master.php.net has been moved to main.php.net. The team also reset php.net passwords, and you can visit https://main.php.net/forgot.php to set a new password. In addition, git.php.net and svn.php.net are both read-only now.

Two malicious commits were pushed to the php-src repo from PHP founder Rasmus Lerdorf and PHP core developer Nikita Popov, Popov announced March 28. After an investigation, the PHP team reassured users these malicious commits never reached end-users. However, the team decided to move to GitHub after determining maintaining its own git infrastructure is "an unnecessary security risk."

"In 2019, the PHP team temporarily shut down its Git server after discovering that an attacker had maliciously replaced the official PHP Extension and Application Repository with a malicious one," reports CPO magazine. But this newer supply chain attack "targeted any server that uses PHP ZLib compression when sending data. Most servers use this functionality on almost all content except images and archives that are already size optimized." The supply chain attack would have turned PHP into a remote web shell through which the attackers could execute any command without authentication. This is because the malicious attackers would have the same privileges as the web server running PHP. The backdoor is triggered at the start of a request by checking if the request contains the word "zerodium." If this condition was met, PHP executes the code in the "User-Agentt" request header. That header name closely resembles the legitimate "User-Agent" request header, which browsers use to identify themselves.

The rest of the request would thus be treated as a command that could be executed on a PHP server using the server's privileges. This would allow the hackers to run any arbitrary command without the need for further privileges...

PHP powers 80% of all websites. Thus, a successful supply chain attack exploiting the language could prove catastrophic.
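As a defender-side illustration of the trigger described above, the following is an added example (not code from the PHP project or from the reports quoted here) that inspects raw HTTP requests for the misspelled "User-Agentt" header and the "zerodium" trigger string; the sample requests are constructed for this example.

```python
"""Flag HTTP requests matching the trigger described for the php-src
backdoor commits: a "User-Agentt" header (note the extra "t") and the
string "zerodium" anywhere in the request.  Added example; the sample
requests below are constructed, not captured traffic."""
from __future__ import annotations

from dataclasses import dataclass


@dataclass
class Finding:
    reason: str
    header: str = ""
    value: str = ""


def parse_headers(raw: bytes) -> dict[str, list[str]]:
    """Parse the header block of a raw HTTP/1.1 request into a
    name -> values map.  Names are lower-cased so "User-Agentt" and
    "user-agentt" compare equal, yet stay distinct from "user-agent":
    a prefix match on "user-agent" would wrongly treat them as one."""
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1", errors="replace").split("\r\n")
    headers: dict[str, list[str]] = {}
    for line in lines[1:]:  # lines[0] is the request line
        if ":" not in line:
            continue
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def inspect_request(raw: bytes) -> list[Finding]:
    """Return one Finding per indicator present in the request."""
    findings: list[Finding] = []
    for value in parse_headers(raw).get("user-agentt", []):
        findings.append(Finding("unexpected 'User-Agentt' header", "User-Agentt", value))
    # The trigger check in the backdoor looked at the request as a whole,
    # so scan the full request bytes, not just the headers.
    if b"zerodium" in raw.lower():
        findings.append(Finding("backdoor trigger string 'zerodium' present"))
    return findings


# Constructed sample requests (not real traffic).
BENIGN_REQUEST = (
    b"GET / HTTP/1.1\r\n"
    b"Host: shop.example.test\r\n"
    b"User-Agent: Mozilla/5.0 (X11; Linux x86_64)\r\n\r\n"
)
SUSPICIOUS_REQUEST = (
    b"GET /index.php HTTP/1.1\r\n"
    b"Host: shop.example.test\r\n"
    b"User-Agent: Mozilla/5.0 (X11; Linux x86_64)\r\n"
    b"User-Agentt: zerodium <constructed-placeholder-value>\r\n\r\n"
)


def summarize(raw: bytes) -> str:
    """One-line verdict suitable for a log or alert."""
    findings = inspect_request(raw)
    if not findings:
        return "clean"
    return "SUSPECT: " + "; ".join(f.reason for f in findings)


if __name__ == "__main__":
    for req in (BENIGN_REQUEST, SUSPICIOUS_REQUEST):
        print(summarize(req))
```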

Facebook

Facebook Does Not Plan To Notify Half-Billion Users Affected by Data Leak (reuters.com) 22

Facebook did not notify the more than 530 million users whose details were obtained through the misuse of a feature before 2019 and recently made public in a database, and does not currently have plans to do so, a company spokesman said on Wednesday. Reuters: Business Insider reported last week that phone numbers and other details from user profiles were available in a public database. Facebook said in a blog post on Tuesday that "malicious actors" had obtained the data prior to September 2019 by "scraping" profiles using a vulnerability in the platform's tool for synching contacts. The Facebook spokesman said the social media company was not confident it had full visibility on which users would need to be notified. He said it also took into account that users could not fix the issue and that the data was publicly available in deciding not to notify users. Facebook has said it plugged the hole after identifying the problem at the time. Further reading: Facebook Says It's Your Fault That Hackers Got Half a Billion User Phone Numbers.
Facebook

Facebook Says It's Your Fault That Hackers Got Half a Billion User Phone Numbers (vice.com) 65

A database containing the phone numbers of more than half a billion Facebook users is being freely traded online, and Facebook is trying to pin the blame on everyone but themselves. From a report: A blog post titled "The Facts on News Reports About Facebook Data," published Tuesday evening, is designed to silence the growing criticism the company is facing for failing to protect the phone numbers and other personal information of 533 million users after a database containing that information was shared for free in low level hacking forums over the weekend, as first reported by Business Insider. Facebook initially dismissed the reports as irrelevant, claiming the data was leaked years ago and so the fact it had all been collected into one uber database containing one in every 15 people on the planet -- and was now being given away for free -- didn't really matter.

So instead of apologizing for failing to keep users' data secure, Facebook's product management director Mike Clark began his blog post by making a semantic point about how the data was leaked. "It is important to understand that malicious actors obtained this data not through hacking our systems but by scraping it from our platform prior to September 2019," Clark wrote. This is the identical excuse given in 2018, when it was revealed that Facebook had given Cambridge Analytica the data of 87 million users without their permission, for use in political ads. Clark goes on to explain that the people who collected this data -- sorry, "scraped" this data -- did so by using a feature designed to help new users find their friends on the platform.

Facebook

Irish Regulator Probes 'Old' Facebook Data Dump (bbc.com) 13

A data leak involving personal details of hundreds of millions of Facebook users is being reviewed by Ireland's Data Protection Commission (DPC). The BBC reports: The database is believed to contain a mix of Facebook profile names, phone numbers, locations and other facts about more than 530 million people. Facebook says the data is "old," from a previously-reported leak in 2019. But the Irish DPC said it will work with Facebook, to make sure that is the case.

Ireland's regulator is critical to such investigations, as Facebook's European headquarters is in Dublin, making it an important regulator for the EU. The most recent data dump appears to contain the entire compromised database from the previous leak, which Facebook said it found and fixed more than a year and a half ago. But the dataset has now been published for free in a hacking forum, making it much more widely available. It covers 533 million people in 106 countries, according to researchers who have viewed the data. That includes 11 million Facebook users in the UK and more than 30 million Americans.
The DPC's deputy commissioner Graham Doyle said the recent data dump "appears to be" from the previous leak -- and that the data-scraping behind it had happened before the EU's GDPR privacy legislation was in effect.

"However, following this weekend's media reporting we are examining the matter to establish whether the dataset referred to is indeed the same as that reported in 2019," he added.
Databases

LexisNexis To Provide Giant Database of Personal Information To ICE (theintercept.com) 64

An anonymous reader quotes a report from The Intercept: The popular legal research and data brokerage firm LexisNexis signed a $16.8 million contract to sell information to U.S. Immigration and Customs Enforcement, according to documents shared with The Intercept. The deal is already drawing fire from critics and comes less than two years after the company downplayed its ties to ICE, claiming it was "not working with them to build data infrastructure to assist their efforts." Though LexisNexis is perhaps best known for its role as a powerful scholarly and legal research tool, the company also caters to the immensely lucrative "risk" industry, providing, it says, 10,000 different data points on hundreds of millions of people to companies like financial institutions and insurance companies who want to, say, flag individuals with a history of fraud. LexisNexis Risk Solutions is also marketed to law enforcement agencies, offering "advanced analytics to generate quality investigative leads, produce actionable intelligence and drive informed decisions" -- in other words, to find and arrest people.

The LexisNexis ICE deal appears to be providing a replacement for CLEAR, a risk industry service operated by Thomson Reuters that has been crucial to ICE's deportation efforts. In February, the Washington Post noted that the CLEAR contract was expiring and that it was "unclear whether the Biden administration will renew the deal or award a new contract." LexisNexis's February 25 ICE contract was shared with The Intercept by Mijente, a Latinx advocacy organization that has criticized links between ICE and tech companies it says are profiting from human rights abuses, including LexisNexis and Thomson Reuters. The contract shows LexisNexis will provide Homeland Security investigators access to billions of different records containing personal data aggregated from a wide array of public and private sources, including credit history, bankruptcy records, license plate images, and cellular subscriber information. The company will also provide analytical tools that can help police connect these vast stores of data to the right person.
In a statement to The Intercept, a LexisNexis Risk Solutions spokesperson said: "Our tool contains data primarily from public government records. The principal non-public data is authorized by Congress for such uses in the Drivers Privacy Protection Act and Gramm-Leach-Bliley Act statutes." They declined to say exactly what categories of data the company would provide ICE under the new contract, or what policies, if any, will govern how the agency uses it.
Safari

NYT: 'If You Care About Privacy, It's Time to Try a New Web Browser' (seattletimes.com) 135

This week the lead consumer technology writer for The New York Times urged readers to switch their browser from Chrome, Safari, or Microsoft Edge to a private browser.

"For about a week, I tested three of the most popular options — DuckDuckGo, Brave and Firefox Focus. Even I was surprised that I eventually switched to Brave as the default browser on my iPhone." Firefox Focus, available only for mobile devices like iPhones and Android smartphones, is bare-bones. You punch in a web address and, when done browsing, hit the trash icon to erase the session. Quitting the app automatically purges the history. When you load a website, the browser relies on a database of trackers to determine which to block.

The DuckDuckGo browser, also available only for mobile devices, is more like a traditional browser. That means you can bookmark your favorite sites and open multiple browser tabs. When you use the search bar, the browser returns results from the DuckDuckGo search engine, which the company says is more focused on privacy because its ads do not track people's online behavior. DuckDuckGo also prevents ad trackers from loading. When done browsing, you can hit the flame icon at the bottom to erase the session.

Brave is also more like a traditional web browser, with anti-tracking technology and features like bookmarks and tabs. It includes a private mode that must be turned on if you don't want people scrutinizing your web history. Brave is also so aggressive about blocking trackers that in the process, it almost always blocks ads entirely. The other private browsers blocked ads less frequently....

In the end, though, you probably would be happy using any of the private browsers... For me, Brave won by a hair. My favorite websites loaded flawlessly, and I enjoyed the clean look of ad-free sites, along with the flexibility of opting in to see ads whenever I felt like it. Brendan Eich, the chief executive of Brave, said the company's browser blocked tracking cookies "without mercy."

"If everybody used Brave, it would wipe out the tracking-based ad economy," he said.

Count me in.

Databases

SEGA Lawyers Demand 'Immediate Suspension' of Steam Database Over Alleged Piracy (torrentfreak.com) 66

An anonymous reader quotes a report from TorrentFreak: The popular and entirely legal Steam Database has found itself in a precarious position following two erroneous DMCA notices from SEGA. Steam Database's host is being asked to suspend the platform due to a claimed lack of response to the first notice. This prompted the site to take down entirely legal content in an effort to address the problem. [...]

TorrentFreak was able to review the notice sent by SEGA to SteamDB's host and it pulls no punches. SEGA doubles down by stating that SteamDB is illegally distributing the game Yakuza: Like a Dragon, noting that it has tried to inform SteamDB but was "not able" to resolve the issue. Worryingly, it then implies that legal action might be taken against SteamDB for non-compliance, adding that the host should "immediately suspend" SteamDB due to the alleged ongoing infringement. Which, of course, is not taking place.

This puts SteamDB's host in a tough position. Failure to act against an allegedly infringing customer can put the host at risk in terms of liability, but disabling a customer's website can cause a whole new set of problems, especially when that customer has not infringed anyone's rights. In an effort to sort the problem out, SteamDB's host asked for additional input from the operators of SteamDB but nevertheless warned that if that information was not received, it may still block the SteamDB server within 24 hours, as demanded in the SEGA takedown notice. In order to defuse the situation, SteamDB took down the allegedly infringing page, which, as far as SEGA goes (and at least in theory), should solve the disconnection threat problem. However, the entire situation has proven counterproductive for SEGA too.

The Media

US Media Offering a Different Picture of Covid-19 From Science Journals or International Media, Study Finds (nytimes.com) 175

David Leonhardt, writing at The New York Times: Bruce Sacerdote, an economics professor at Dartmouth College, noticed something last year about the Covid-19 television coverage that he was watching on CNN and PBS. It almost always seemed negative, regardless of what he was seeing in the data or hearing from scientists he knew. When Covid cases were rising in the U.S., the news coverage emphasized the increase. When cases were falling, the coverage instead focused on those places where cases were rising. And when vaccine research began showing positive results, the coverage downplayed it, as far as Sacerdote could tell. But he was not sure whether his perception was correct.

To check, he began working with two other researchers, building a database of Covid coverage from every major network, CNN, Fox News, Politico, The New York Times and hundreds of other sources, in the U.S. and overseas. The researchers then analyzed it with a social-science technique that classifies language as positive, neutral or negative. The results showed that Sacerdote's instinct had been right -- and not just because the pandemic has been mostly a grim story. The coverage by U.S. publications with a national audience has been much more negative than coverage by any other source that the researchers analyzed, including scientific journals, major international publications and regional U.S. media. "The most well-read U.S. media are outliers in terms of their negativity," Molly Cook, a co-author of the study, told me. About 87 percent of Covid coverage in national U.S. media last year was negative. The share was 51 percent in international media, 53 percent in U.S. regional media and 64 percent in scientific journals. Notably, the coverage was negative in both U.S. media outlets with liberal audiences (like MSNBC) and those with conservative audiences (like Fox News).

Piracy

Adobe Goes After 27-Year Old 'Pirated' Copy of Acrobat Reader 1.0 for MS-DOS (torrentfreak.com) 58

"Adobe doesn't want third parties to pirate its software, so the company regularly sends out DMCA notices to remove infringing copies," reports TorrentFreak. In a recent tweet, F-Secure researcher Mikko Hypponen mentioned that the software company removed one of his tweets that linked to an old copy of Acrobat Reader for MS-DOS, which came out more than 27 years ago, shortly after the PDF was invented. From the report: The security researcher posted the tweet five years ago and at the time there were no issues. The message was copied a few weeks ago by his own Twitter bot, which reposts all his original tweets five years later. "They sent a DMCA notice to my bot (@mikko__2016) when it posted that tweet on the tweet's 5th anniversary. The original tweet is fine," Hypponen notes. While the original tweet is still up, the reposted message was swiftly removed by Twitter. Not just that, the bot's account was locked as well, which is standard practice nowadays.

Looking more closely at the takedown notice, we see that it was sent by the "brand protection analyst" at Incopro, which is one of Adobe's anti-piracy partners. It doesn't provide any further details on the reasons for taking it down, other than an alleged copyright infringement. Things get even more curious when we look at the full DMCA notice, posted by the Lumen database. This shows that the tweet was listed among other links, which all point to "infringing" copies of more recent software. Intriguingly, the notice also reveals that Hypponen's original tweet was targeted as well, albeit indirectly. The takedown notice lists t.co/tbAT0CH25o, which still points to the 2016 tweet today, so Twitter decided not to take action there.

We wonder if the DMCA notice is intentional at all. Over the years we have seen many bizarre takedown claims, which are often the result of automated filters. That may be a plausible explanation here as well. In that case, it shows that the DMCA takedown process is far from perfect. However, if Adobe seriously has a problem with the fact that a 27-year-old copy of Acrobat Reader is being shared on an external site, it's more effective to target the site where it's hosted, not the person who links to it in a tweet.

Security

WeLeakInfo Leaked Customer Payment Info (krebsonsecurity.com) 14

A lapsed domain registration tied to WeLeakInfo, a wildly popular service that sold access to more than 12 billion usernames and passwords from thousands of hacked websites, "let someone plunder and publish account data on 24,000 customers who paid to access the service with a credit card," reports Krebs on Security. This comes after the service was seized a little over a year ago by the FBI and law enforcement partners overseas. From the report: In a post on the database leaking forum Raidforums, a regular contributor using the handle "pompompurin" said he stole the WeLeakInfo payment logs and other data after noticing the domain wli[.]design was no longer listed as registered. "Long story short: FBI let one of weleakinfo's domains expire that they used for the emails/payments," pompompurin wrote. "I registered that domain, & was able to [password] reset the stripe.com account & get all the Data. [It's] only from people that used stripe.com to checkout. If you used paypal or [bitcoin] ur all good."

Cyber threat intelligence firm Flashpoint obtained a copy of the data leaked by pompompurin, and said it includes partial credit card data, email addresses, full names, IP addresses, browser user agent string data, physical addresses, phone numbers, and amount paid. One forum member commented that they found their own payment data in the logs.

Databases

Tinder Users Will Soon Be Able To Access a Background Check Database (engadget.com) 69

Tinder and Match have announced a new partnership with Garbo, a non-profit, female-founded background check platform. In theory, it should allow Tinder (and Match Group's other sites) to ping Garbo's database and proactively show users when it finds something they might want to be aware of. Engadget reports: If you're not familiar with Garbo, it was founded by Kathryn Kosmides, a "survivor of gender-based violence" who wanted to make it easier to find information about people you may connect with online. Garbo's platform aggregates numerous data sources to provide details on an individual, including "arrests, convictions, restraining orders, harassment, and other violent crimes." The organization's site says that oftentimes you don't even need a last name to find some details on an individual -- a first name and phone number will work.

As part of the deal, Garbo's platform will be available to people using Match Group apps, starting with Tinder later this year. [...] Garbo cites making ridesharing services safer as another core initiative for the non-profit in addition to working with dating services, so it wouldn't surprise us to see a similar partnership appear between Garbo and companies like Uber or Lyft -- but for now, it's starting with Tinder.

Cellphones

Deep Learning Enables Real-Time 3D Holograms On a Smartphone (ieee.org) 25

An anonymous reader quotes a report from IEEE Spectrum: Now researchers at MIT have developed a new way to produce holograms nearly instantly -- a deep-learning based method so efficient, it can generate holograms on a laptop in the blink of an eye. They detailed their findings this week, which were funded in part by Sony, online in the journal Nature. Using physics simulations for computer-generated holography involves calculating the appearance of many chunks of a hologram and then combining them to get the final hologram. Using lookup tables is like memorizing a set of frequently used chunks of hologram, but this sacrifices accuracy and still requires the combination step.
[...]
The researchers first built a custom database of 4,000 computer-generated images, which each included color and depth information for each pixel. This database also included a 3D hologram corresponding to each image. Using this data, the convolutional neural network learned how to calculate how best to generate holograms from the images. It could then produce new holograms from images with depth information, which is provided with typical computer-generated images and can be calculated from a multi-camera setup or from lidar sensors, both of which are standard on some new iPhones. The new system requires less than 620 kilobytes of memory, and can generate 60 color 3D holograms per second with a resolution of 1,920 by 1,080 pixels on a single consumer-grade GPU. The researchers could run it on an iPhone 11 Pro at a rate of 1.1 holograms per second and on a Google Edge TPU at a rate of 2 holograms per second, suggesting it could one day generate holograms in real-time on future virtual-reality (VR) and augmented-reality (AR) mobile headsets.

Databases

Uber and Lyft Create a Shared Database of Drivers Banned For Assault (engadget.com) 124

Uber and Lyft will work together to share information on US drivers and delivery people accused of physical and sexual assault to ensure those individuals are banned on both platforms, the two companies announced on Thursday in separate blog posts. Engadget reports: HireRight, a company that specializes in conducting background checks, will oversee the Industry Sharing Safety Program database. Other transportation and delivery companies in the US will have the chance to contribute and access the database as long as they adhere to the same data accuracy and privacy policies that Uber and Lyft must follow.

"We want to share this information with each other and hopefully in the near future with other companies, so that our peers in this space can be informed and make decisions for their own platforms to keep those platforms safe," Jennifer Brandenburger, Lyft's head of policy development, told NBC News. The database won't include information on victims. Additionally, the incident that landed a driver in the database will fall in broad categories.

Privacy

Clearview AI Violates Californians' Privacy, Lawsuit Alleges (latimes.com) 39

An anonymous reader quotes a report from Los Angeles Times: Clearview AI has amassed a database of more than 3 billion photos of individuals by scraping sites such as Facebook, Twitter, Google and Venmo. It's bigger than any other known facial-recognition database in the U.S., including the FBI's. The New York company uses algorithms to map the pictures it stockpiles, determining, for example, the distance between an individual's eyes to construct a "faceprint." This technology appeals to law enforcement agencies across the country, which can use it in real time to help determine people's identities.

It also has caught the attention of civil liberties advocates and activists, who allege in a lawsuit filed Tuesday that the company's automatic scraping of their images and its extraction of their unique biometric information violate privacy and chill protected political speech and activity. The plaintiffs -- four individual civil liberties activists and the groups Mijente and NorCal Resist -- allege Clearview AI "engages in the widespread collection of California residents' images and biometric information without notice or consent."

This is especially consequential, the plaintiffs argue, for proponents of immigration or police reform, whose political speech may be critical of law enforcement and who may be members of communities that have been historically over-policed and targeted by surveillance tactics. Clearview AI enhances law enforcement agencies' efforts to monitor these activists, as well as immigrants, people of color and those perceived as "dissidents," such as Black Lives Matter activists, and can potentially discourage their engagement in protected political speech as a result, the plaintiffs say. [...] The plaintiffs are seeking an injunction that would force the company to stop collecting biometric information in California. They are also seeking the permanent deletion of all images and biometric data or personal information in their databases.

Security

Three Top Russian Cybercrime Forums Hacked (krebsonsecurity.com) 26

tsu doh nimh shares a report: Over the past few weeks, three of the longest running and most venerated Russian-language online forums serving thousands of experienced cybercriminals have been hacked. In two of the intrusions, the attackers made off with the forums' user databases, including email and Internet addresses and hashed passwords. Members of all three forums are worried the incidents could serve as a virtual Rosetta Stone for connecting the real-life identities of the same users across multiple crime forums. On Tuesday, someone dumped thousands of usernames, email addresses and obfuscated passwords on the dark web apparently pilfered from Mazafaka (a.k.a. "Maza," "MFclub"), an exclusive crime forum that has for more than a decade played host to some of the most experienced and infamous Russian cyberthieves.

At the top of a 35-page PDF leaked online is a private encryption key allegedly used by Maza administrators. The database also includes ICQ numbers for many users. ICQ, also known as "I seek you," was an instant message platform trusted by countless early denizens of these older crime forums before its use fell out of fashion in favor of more private networks, such as Jabber and Telegram. This is notable because ICQ numbers tied to specific accounts often are a reliable data point that security researchers can use to connect multiple accounts to the same user across many forums and different nicknames over time. Cyber intelligence firm Intel 471 assesses that the leaked Maza database is legitimate.

Security

Far-Right Platform Gab Has Been Hacked (wired.com) 208

The far-right social media platform Gab says a trove of its contents has been stolen in a security breach -- including passwords and private communications. Wired reports: On Sunday night the WikiLeaks-style group Distributed Denial of Secrets is revealing what it calls GabLeaks, a collection of more than 70 gigabytes of Gab data representing more than 40 million posts. DDoSecrets says a hacktivist who self-identifies as "JaXpArO and My Little Anonymous Revival Project" siphoned that data out of Gab's backend databases in an effort to expose the platform's largely right-wing users. Those Gab patrons, whose numbers have swelled after Parler went offline, include large numbers of Qanon conspiracy theorists, white nationalists, and promoters of former president Donald Trump's election-stealing conspiracies that resulted in the January 6 riot on Capitol Hill.

DDoSecrets cofounder Emma Best says that the hacked data includes not only all of Gab's public posts and profiles -- with the exception of any photos or videos uploaded to the site -- but also private group and private individual account posts and messages, as well as user passwords and group passwords. "It contains pretty much everything on Gab, including user data and private posts, everything someone needs to run a nearly complete analysis on Gab users and content," Best wrote in a text message interview with WIRED. "It's another gold mine of research for people looking at militias, neo-Nazis, the far right, QAnon, and everything surrounding January 6." DDoSecrets says it's not publicly releasing the data due to its sensitivity and the vast amounts of private information it contains. Instead the group says it will selectively share it with journalists, social scientists, and researchers.

According to DDoSecrets' Best, the hacker says that they pulled out Gab's data via a SQL injection vulnerability in the site -- a common web bug in which a text field on a site doesn't differentiate between a user's input and commands in the site's code, allowing a hacker to reach in and meddle with its backend SQL database. Despite the hacker's reference to an "Anonymous Revival Project," they're not associated with the loose hacker collective Anonymous, they told Best, but do "want to represent the nameless struggling masses against capitalists and fascists." The company's CEO, Andrew Torba, responded in a public statement on the company's blog that "reporters, who write for a publication that has written many hit pieces on Gab in the past, are in direct contact with the hacker and are essentially assisting the hacker in his efforts to smear our business and hurt you, our users."

Security

Introducing Crowdsec: a Modernized, Collaborative Massively Multiplayer Firewall (linuxsecurity.com) 66

Slashdot reader b-dayyy writes: CrowdSec is a massively multiplayer firewall designed to protect Linux servers, services, containers, or virtual machines exposed on the Internet with a server-side agent. It was inspired by Fail2Ban and aims to be a modernized, collaborative version of that intrusion-prevention tool.

CrowdSec is free and open-source (under an MIT License), with the source code available on GitHub. It uses a behavior analysis system to qualify whether someone is trying to hack you, based on your logs. If your agent detects such aggression, the offending IP is then dealt with and sent for curation. If this signal passes the curation process, the IP is then redistributed to all users sharing a similar technological profile to 'immunize' them against this IP.

The goal is to leverage the power of the crowd to create a real-time IP reputation database. As for the IP that aggressed your machine, you can choose to remedy the threat in any manner you feel appropriate. Ultimately, CrowdSec leverages the power of the community to create an extremely accurate IP reputation system that benefits all its users.

It was clear to the founders that Open Source was going to be one of the main pillars of CrowdSec. The project's founders have been working on open-source projects for decades — they didn't just jump on the train. Rather, they are strong Open Source believers. They believe that the crowd is key to the mass hacking plague we are experiencing, and that Open Source is the best lever to create a community and have people contribute their knowledge to the project, ultimately making it better and more secure.

The solution recently turned 1.x, introducing a major architectural change: the introduction of a local REST API.
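The detect-then-curate flow the post sketches (behaviour analysis over logs, a local ban, and crowd curation before an IP is redistributed) as an added toy illustration in Python. This is not CrowdSec's code; the sshd log format, the five-failures-in-two-minutes threshold, the three-agent curation quorum and the agent names are all constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log (not from any real host); ISO-8601 timestamps, RFC 5737 test addresses.
SAMPLE_LOG = """\
2021-03-01T10:00:01 sshd[811]: Failed password for root from 203.0.113.9 port 51000 ssh2
2021-03-01T10:00:02 sshd[811]: Failed password for root from 203.0.113.9 port 51001 ssh2
2021-03-01T10:00:03 sshd[811]: Failed password for admin from 203.0.113.9 port 51002 ssh2
2021-03-01T10:00:04 sshd[811]: Failed password for admin from 203.0.113.9 port 51003 ssh2
2021-03-01T10:00:05 sshd[811]: Failed password for invalid user test from 203.0.113.9 port 51004 ssh2
2021-03-01T10:00:30 sshd[812]: Failed password for alice from 198.51.100.7 port 40100 ssh2
2021-03-01T10:05:30 sshd[813]: Failed password for alice from 198.51.100.7 port 40101 ssh2
2021-03-01T10:05:31 sshd[813]: Accepted password for alice from 198.51.100.7 port 40101 ssh2
"""

FAIL_RE = re.compile(r"^(?P<ts>\S+) sshd\[\d+\]: Failed password for .* from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port")

def failed_logins(log_text):
    """Yield (timestamp, ip) for every failed-password line; all other lines are ignored."""
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if m:
            yield datetime.fromisoformat(m.group("ts")), m.group("ip")

def detect_bruteforce(log_text, threshold=5, window=timedelta(minutes=2)):
    """Local agent step: flag an IP once it has >= threshold failures inside any sliding window."""
    events = defaultdict(list)
    for ts, ip in failed_logins(log_text):
        events[ip].append(ts)
    flagged = set()
    for ip, times in events.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:   # slide the window forward past stale failures
                start += 1
            if end - start + 1 >= threshold:
                flagged.add(ip)
                break
    return flagged

def curate(reports, min_agents=3):
    """Crowd step: reports maps agent_id -> IPs it flagged; publish an IP only with a quorum of distinct agents."""
    votes = defaultdict(set)
    for agent, ips in reports.items():
        for ip in ips:
            votes[ip].add(agent)
    return {ip for ip, agents in votes.items() if len(agents) >= min_agents}
```

The quorum in `curate` is what keeps a single misconfigured or malicious agent from poisoning the shared list; a real deployment would also age entries out and weight agents by track record.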
