NetAskari

@netaskari.bsky.social

www.netaskari.online, cyber operations from China, the world and other stuff

10 Followers  |  3 Following  |  22 Posts  |  Joined: 26.01.2025  |  1.7169

Latest posts by netaskari.bsky.social on Bluesky

A crack in the wall: GFW leaks data and reveals more. US Researchers have managed to discover a vulnerability inside the Chinese online censorship system which leads to sensitive information leakage.

How a long-term data leak in the GFW's DNS injection program revealed some internal machinations of the system: substack.com/@netaskari/n...

06.03.2025 04:41 — 👍 0    🔁 0    💬 0    📌 0
Natto Team on Substack As we are publishing this piece, the i-SOON indictment was out as well. https://open.substack.com/pub/nattothoughts/p/where-is-i-soon-now?r=1fj33r&utm_campaign=post&utm_medium=web&showWelcomeOnShare...

I-Soon just got an extra treatment by the DoJ, it seems, but what happened to them after last year's data leaks? @nattothoughts.bsky.social looked into it: substack.com/@nattothough...

06.03.2025 04:38 — 👍 0    🔁 0    💬 0    📌 0
Advanced Data Protection: to have or not to have. Apple is pulling its E2E "Advanced Data Protection" from the UK market, while in China, it is freely available. Notion of Irony hidden somewhere there.

As Apple's ADP is being pulled from the UK, in China of all places the E2E feature is untouched even though it is on the outside a clear violation of CN cyber security law: substack.com/@netaskari/n...

04.03.2025 07:28 — 👍 0    🔁 0    💬 0    📌 0
The great march: Embrace DeepSeek. China's central government seems to be hell-bent on pushing AI into all aspects of civilian and not-so-civilian life.

Deepseek is now getting pushed in China into almost any fiber of society, economy and technology, not just by company PR but govt policy. I took a look: substack.com/@netaskari/n...

01.03.2025 06:34 — 👍 0    🔁 0    💬 0    📌 0
Stepping up Deepseek's evolution in censorship phrasing

Deepseek and its censorship procedure seem to be evolving. Instead of crudely erasing previous answers, it now switches straight to phrasing out of Chinese government propaganda pamphlets: open.substack.com/pub/netaskar...

24.02.2025 13:42 — 👍 0    🔁 0    💬 0    📌 0

Will be at RightsCon 2025 in Taipei the coming days. Whoever wants to meet up, reach out. Tox: C4331F0D663BCA81A8A00C1EA7CB5059A89AE8A61FC9B01914231023C69F5A1917B756B712C2

23.02.2025 09:17 — 👍 0    🔁 0    💬 0    📌 0
Apple fixes iPhone and iPad bug used in an 'extremely sophisticated attack' | TechCrunch Unknown attackers may have exploited a zero-day bug to access data on locked phones, according to Apple.

Apple released an important update to close a USB security loophole on iOS: techcrunch.com/2025/02/10/a...

10.02.2025 23:53 — 👍 0    🔁 0    💬 0    📌 0

A few more Deepseek tidbits here: substack.com/@netaskari/n...

10.02.2025 13:00 — 👍 0    🔁 0    💬 0    📌 0

I am not 100% sure what I am seeing here, but an informed guess is that this is a DB shared with many diverse users that vary widely, so access control is just not practical nor necessary. If anyone has a better idea, let me know.

04.02.2025 04:48 — 👍 0    🔁 0    💬 0    📌 0

First of all, it would most likely be a breach of their terms and conditions, but also it would be far more economical to just use the API as you or store smaller subsets for analysis. Also, the focus on AWS infra on that scale seems rather out of the ordinary to me.

04.02.2025 04:48 — 👍 0    🔁 0    💬 1    📌 0

Final thoughts: Storing a massive set like this on a box connected to the open with no access control of the DB seems highly unusual to me. It could be just an oversight, but even for normal researchers there are not many reasons to scrape Censys like this.

04.02.2025 04:48 — 👍 0    🔁 0    💬 1    📌 0

DB timestamps hint that the DB was set up and filled in April 2024. Most "scan results" are from May 2023, according to the entries in the DB.

04.02.2025 04:48 — 👍 0    🔁 0    💬 1    📌 0

The reveal: The Database has a massive list of infos of standard Censys scans stored. All of the scans seem to be aiming at AWS/Cloudfront CDN servers in the US.

04.02.2025 04:48 — 👍 0    🔁 0    💬 1    📌 0

The server only has SSH port, EA ports and port 7777 open, which is open for TLS business.

04.02.2025 04:48 — 👍 0    🔁 0    💬 1    📌 0

There also seems to be a Fast Reverse Proxy (FRP) running on the machine, which is interesting. Though not totally uncommon, especially for Chinese servers. The server IP doesn't seem to have any domains attached to it nor is the IP flagged in the most common databases and malicious IP repositories.

04.02.2025 04:48 — 👍 0    🔁 0    💬 1    📌 0

The setup: A server based in Shanghai with a massive unsecured Elastic Search Database of over 2.3 TB.

04.02.2025 04:48 — 👍 0    🔁 0    💬 1    📌 0

Are Chinese hackers using official online recon services like Censys to stake out targets without raising suspicion!? Let's walk with me...

04.02.2025 04:48 — 👍 0    🔁 0    💬 1    📌 0

A massive database of AWS recon data on an obscure Chinese server!? Follow me down the rabbit hole: open.substack.com/pub/netaskar...

01.02.2025 06:12 — 👍 0    🔁 0    💬 0    📌 0

Data extraction via DNS packages, the Chinese way (and with some help of the GFW): open.substack.com/pub/netaskar...

27.01.2025 10:06 — 👍 0    🔁 0    💬 0    📌 0

Training Chinese LLMs for censorship. Let's come to the digital gym with us: open.substack.com/pub/netaskar...

27.01.2025 10:03 — 👍 0    🔁 0    💬 0    📌 0

Chasing Chinese cyber operators in the city of Chengdu. Sichuan Silence, I-soon, nosugar Tech and Chengdu404!? We got them all: open.substack.com/pub/netaskar...

27.01.2025 10:02 — 👍 0    🔁 0    💬 0    📌 0

Want to see how Deepseek is meeting a censorship hurdle out of its own realm? open.substack.com/pub/netaskar...

27.01.2025 09:59 — 👍 0    🔁 0    💬 0    📌 0