Skip to main content

Suche

Beiträge die mit Security getaggt sind


 
Internet of Shit: #Miele Professional PG 8528 - Web Server Directory Traversal http://seclists.org/fulldisclosure/2017/Mar/63 #security

Full Disclosure: [CVE-2017-7240] Miele Professional PG 8528 - Web Server Directory Traversal

Full Disclosure: [CVE-2017-7240] Miele Professional PG 8528 - Web Server Directory Traversal

 
Internet of Shit: #Miele Professional PG 8528 - Web Server Directory Traversal http://seclists.org/fulldisclosure/2017/Mar/63 #security

Full Disclosure: [CVE-2017-7240] Miele Professional PG 8528 - Web Server Directory Traversal

Full Disclosure: [CVE-2017-7240] Miele Professional PG 8528 - Web Server Directory Traversal

 

Lack of security patching leaves mobile users exposed


An analysis of the patch updates among the five leading wireless carriers in the United States found that 71 percent of mobile devices still run on security patches more than two months old.

[ #mobile #smartphones #security ]

https://www.helpnetsecurity.com/2017/03/24/lack-security-patching-leaves-mobile-users-exposed/
https://www.helpnetsecurity.com/2017/03/24/lack-security-patching-leaves-mobile-users-exposed/

 

Lekken in D-Link-routers geven aanvaller beheerderswachtwoord


Twee beveiligingslekken in routers van fabrikant D-Link maken het mogelijk voor een aanvaller om op afstand het beheerderswachtwoord van het apparaat te achterhalen en een update is nog niet beschikbaar. De eerste kwetsbaarheid bevindt zich in de remote inlogpagina van het apparaat.

[ #security #router #beveiligingslekken ]

https://www.security.nl/posting/507521/Lekken+in+D-Link-routers+geven+aanvaller+beheerderswachtwoord

Lekken in D-Link-routers geven aanvaller beheerderswachtwoord

Twee beveiligingslekken in routers van fabrikant D-Link maken het mogelijk voor een aanvaller om op afstand het ...

 

Open Source und die Update-Resistenz | OSB – Open Source Business Alliance


Die Grünen erklärten beispielsweise, dass es sei nur ein unwichtiger Server mit altem Wahlkampfmaterial betroffen. Das zeigt offenkundige Unwissenheit darüber, wie solche Angriffe ablaufen. Und eine sträflich nachlässige Haltung gegenüber der IT-Sicherheit.
Organisationen und Privatleute verwenden Nextcloud und Owncloud, weil sie den Public-Cloud-Speicherangeboten misstrauen, Datenverluste oder ein Ausschnüffeln ihrer Privatsphäre befürchten. Daraus sollte eigentlich selbstverständlich folgen, dass Anwender auch Maßnahmen treffen, um solche Angriffe auf ihre eigenen Cloud-Speicher zu verhindern. Updates sind dafür unverzichtbar. Allerdings sind da nicht nur die Anwender in der Pflicht.

http://osb-alliance.de/blog/open-source-und-die-update-resistenz

#foss #security #it #nextcloud
http://osb-alliance.de/blog/open-source-und-die-update-resistenz

 

Apache servers under attack through easily exploitable Struts 2 flaw


A critical vulnerability in Apache Struts 2 is being actively and heavily exploited, even though the patch for it has been released on Monday.

[ #server #admin #security #apache ]

https://www.helpnetsecurity.com/2017/03/09/apache-struts-2-attack/

Apache servers under attack through easily exploitable Struts 2 flaw - Help Net Security

A critical vulnerability in Apache Struts 2 is being actively and heavily exploited, even though the patch for it has been released.

 
Mit dem Fairphone OS kann man sich aus den Fangarmen von Google befreien und die Kontrolle über seine Daten behalten: https://www.kuketz-blog.de/fairphone-2-wie-man-ein-smartphone-etwas-duemmer-macht/

#security #privacy #android #fairphone #datenschutz #afwall #xprivacy

Fairphone 2: Wie man ein Smartphone etwas dümmer macht • Kuketz IT-Security Blog

Mit dem Fairphone OS kann man sich aus den Fangarmen von Google befreien und die Kontrolle über seine Daten behalten

 
DiWiSH Fachgruppe IT- #Security auf der New Energy Husum zusammen mit @energynetworkSH & watt_2.0

DiWiSH-Fachgruppe IT-Security: IT-Sicherheit für Erneuerbare Energien - DiWiSH – Digitale Wirtschaft Schleswig-Holstein (Clustermanagement)

Die meisten Betreiber von Anlagen zur Erzeugung erneuerbarer Energien fallen aufgrund Ihrer Größe (< 450 MW installierte Leistung) nicht unter die Einstufung für kritische …

 
DiWiSH Fachgruppe IT- #Security auf der New Energy Husum zusammen mit @energynetworkSH & watt_2.0

DiWiSH-Fachgruppe IT-Security: IT-Sicherheit für Erneuerbare Energien - DiWiSH – Digitale Wirtschaft Schleswig-Holstein (Clustermanagement)

Die meisten Betreiber von Anlagen zur Erzeugung erneuerbarer Energien fallen aufgrund Ihrer Größe (< 450 MW installierte Leistung) nicht unter die Einstufung für kritische …

 

Poll about strict certificate checking


Hello admins of nodes, pods and hubs of the federated network,

in Friendica there is an option to verify SSL certificates.

Verify SSL
If you wish, you can turn on strict certificate checking. This will mean you cannot connect (at all) to self-signed SSL sites.


The strict certificate checking is disabled by default. I always ask myself, should I enable it for the sake of security or should I leave it alone and allow communication with servers with bad or self-signed certificates?
What do you think? How do you handle this?

#diaspora #friendica #hubzilla #ssl #security @Friendica Support

 
Bundesnetzagentur: Puppenverbot gefährdet das Smart Home und Bastler - Golem.de
https://www.golem.de/news/bundesnetzagentur-puppenverbot-gefaehrdet-das-smart-home-und-bastler-1702-126262.html
#Spielzeug #Bundesnetzagentur #Cookies #Datenschutz #Verbraucherschutz #API #Security

Bundesnetzagentur: Puppenverbot gefährdet das Smart Home und Bastler - Golem.de

Eine Entscheidung der Bundesnetzagentur könnte Smart-Home-Fans und Bastler zu Straftätern machen. Dabei ist die rechtliche Grundlage längst nicht so eindeutig,

 
Bundesnetzagentur: Puppenverbot gefährdet das Smart Home und Bastler - Golem.de
https://www.golem.de/news/bundesnetzagentur-puppenverbot-gefaehrdet-das-smart-home-und-bastler-1702-126262.html
#Spielzeug #Bundesnetzagentur #Cookies #Datenschutz #Verbraucherschutz #API #Security

Bundesnetzagentur: Puppenverbot gefährdet das Smart Home und Bastler - Golem.de

Eine Entscheidung der Bundesnetzagentur könnte Smart-Home-Fans und Bastler zu Straftätern machen. Dabei ist die rechtliche Grundlage längst nicht so eindeutig,

 
| Translate | Gitter

Why we don't publish at the Play Store



We got some requests recently, asking, why we do not publish #dandelion at the #GooglePlay.So here are our main reasons, why we don't plan to uploadthe app there currently.

First of all, we do not comply with Googles terms of service. Having to pay ~25€ to Google who did not write the app and does not respect your freedom nor your privacy on its platforms (Youtube, GMail...) just doesn't feel right. We believe, that our userbase is well aware of the privacy concerns that come with using Google's Services, so many diaspora* users actually get their apps through F-Droid (which is great). Second, if a user that does not know about F-Droid yet wants to use dandelion* and searches for it, they'll hopefully find out about the F-Droid project and may get in touch with free software that way. So by not publishing to Google Play, we hope to get more people to understand, use and appreciate free and open source software.

If you find dandelion* on the Play Store, please be aware, that you likely just found a version built by someone else. We can not guarantee that such a version has not been tampered with in terms of #malware, so we highly discourage you to use it. It should be clear, that we'll never charge you any money for using, downloading, sharing or modifying the app. Note also, that we won't support those versions.

If you want to dontate to the project to support the developers, and keep them motivated, please feel free to contact us :D As always, you can help us by submitting bug reports, code and/or translations on github and crowdin.
PS: We maintainers (@gsantner and @vanitasvitae) will soon have more time again to actively work on the app. The last weeks we were distracted with educational work, so here is some background information:

@gsantner was working on another FLOSS app called Froody, which lets you share (naturally growing) food and other things with others. He hopes to enable people to live a more sustainable life. The main idea is to share to and help other people by e.g. sharing pears, which would rot anyway if unused.Everything is built with international use in mind. The app is available at https://github.com/froodyapp/froody-android, and is currently available in #English, #German and #Japanese. Also translatable on Crowdin. He also writes his bachlor thesis about Open Source and Android, which will be completed in summer and likely to be released in an appropiate free license.

@vanitasvitae is writing his bachelor thesis about an #OMEMO module for #Smack, a #XMPP library used by many free messengers like #Jitsi or #Kontalk.
He hopes to enable those messengers to #encrypt your communication end-to-end using the OMEMO protocol introduced by #conversations.
He'll also attend #FOSDEM in #brussels by the way, so if you are there you might meet him and chat a little ;)

Sharing welcome!



Bild/Foto

Tags: #dandelion #dandeliondev #diaspora #diasporaforandroid #diasporaandroid #diasporaapp #app #fdroid #freesoftware #opensource #google #play #store #app #android-dev #foss #freie-software #freesoftware #opensource #translation #translator #release #mobile #froody #froodyapp #omemo #security #sustainability #sustainable #thesis

Diaspora-for-Android/dandelion

dandelion* - unofficial diaspora* android client

 

Encrypted chat app Wickr opens code for public review


Security researchers have wanted a peek at Wickr’s code since the secure messaging app launched in 2012, and now they’re finally getting that chance. Wickr is publishing its code for Wickr Professional, the subscription-based enterprise version of its free messaging app, today for public review.

[ #chat #messenger #security #encryption #Wickr ]

TechCrunch: Encrypted chat app Wickr opens code for public review (Kate Conger)

Security researchers have wanted a peek at Wickr's code since the secure messaging app launched in 2012, and now they're finally getting that chance. Wickr..

 

Ghacks.net Firefox privacy and security user.js 0.11 is out


The most comprehensive Firefox privacy and security settings collection has been updated to version 0.11 to take into account changes in newer versions of Firefox.

[ #browser #Firefox #Mozilla #privacy #security ]

http://www.ghacks.net/2017/02/12/ghacks-net-firefox-user-js-config-0-11-is-out/

 
#security #passwords #gpgp #gnupgp #passbolt #internet #passwort #sicherheit #web

https://www.passbolt.com/

I have just find the alpha from #Passbolt and tried it onmy server.

I think it is a great idea and looks very save -> if you want to test it do not be shy and go to https://pass.dapor.net and create an account.

All data is encrypted with your privat key - no other is able to read or decrypt it.

There are Plugins for #Chrome and #Firefox

Passbolt | Open source password manager for teams

Passbolt is a free open source password manager for teams. Try our online demo!

 
Qubes OS is so nice. Just the fact that I can have two different Tor Browsers open at the same time (security settings low and high) is worth it.

#qubes #qubes-os #linux #security #tor

Qubes OS Project

Qubes is a security-oriented, open-source operating system for personal computers.

 

Dear friends of #privacy, here are the best add-ons for your #Firefox to increase #security and #anonymity ...

Thank you for your attention

Do you have more tips what we can do to increase our privacy?
please see also:
  • https://www.joindiaspora.com/posts/2967813
  • https://www.joindiaspora.com/posts/2762327

#freedom #internet #browser #www #surveillance #nsa

Privacy Settings

Alter Firefox's built-in privacy settings easily with a toolbar panel.

 

Dear friends of #privacy, here are the best add-ons for your #Firefox to increase #security and #anonymity ...

Thank you for your attention

Do you have more tips what we can do to increase our privacy?
please see also:
  • https://www.joindiaspora.com/posts/2967813
  • https://www.joindiaspora.com/posts/2762327

#freedom #internet #browser #www #surveillance #nsa

Privacy Settings

Alter Firefox's built-in privacy settings easily with a toolbar panel.

 

Dear friends of #privacy, here are the best add-ons for your #Firefox to increase #security and #anonymity ...

Thank you for your attention

Do you have more tips what we can do to increase our privacy?
please see also:
  • https://www.joindiaspora.com/posts/2967813
  • https://www.joindiaspora.com/posts/2762327

#freedom #internet #browser #www #surveillance #nsa

Privacy Settings

Alter Firefox's built-in privacy settings easily with a toolbar panel.

 

Dear friends of #privacy, here are the best add-ons for your #Firefox to increase #security and #anonymity ...

Thank you for your attention

Do you have more tips what we can do to increase our privacy?
please see also:
  • https://www.joindiaspora.com/posts/2967813
  • https://www.joindiaspora.com/posts/2762327

#freedom #internet #browser #www #surveillance #nsa

Privacy Settings

Alter Firefox's built-in privacy settings easily with a toolbar panel.

 

 
That's what you get for finding security bugs in #Nextcloud - plus monies, of course, up to USD 5000. Check out https://hackerone.com/nextcloud

And yes, dear users, that is how we help others help keep you secure! #security

https://www.facebook.com/photo.php?fbid=1919370441625375&set=a.1414437882118636.1073741831.100006573132584&type=3&theater
Bild/Foto

 
Festnahme: Venezolanische Bitcoin-Miner sollen Stromnetz gefährden - Golem.de
http://www.golem.de/news/festnahme-venezolanische-bitcoin-miner-sollen-stromnetz-gefaehrden-1701-125834.html
#Bitcoin #ASIC #Blockchain #Internet #PolitikRecht #Security

Festnahme: Venezolanische Bitcoin-Miner sollen Stromnetz gefährden - Golem.de

Was tun bei bitterer Armut und einem Strompreis, der gegen Null tendiert? Bitcoin-Mining! Das denken sich viele Bürger in Venezuela. Einige haben es wohl übertrieben und wurden

 
Festnahme: Venezolanische Bitcoin-Miner sollen Stromnetz gefährden - Golem.de
http://www.golem.de/news/festnahme-venezolanische-bitcoin-miner-sollen-stromnetz-gefaehrden-1701-125834.html
#Bitcoin #ASIC #Blockchain #Internet #PolitikRecht #Security

Festnahme: Venezolanische Bitcoin-Miner sollen Stromnetz gefährden - Golem.de

Was tun bei bitterer Armut und einem Strompreis, der gegen Null tendiert? Bitcoin-Mining! Das denken sich viele Bürger in Venezuela. Einige haben es wohl übertrieben und wurden

 
| Translate | Gitter

Why we don't publish at the Play Store



We got some requests recently, asking, why we do not publish #dandelion at the #GooglePlay.So here are our main reasons, why we don't plan to uploadthe app there currently.

First of all, we do not comply with Googles terms of service. Having to pay ~25€ to Google who did not write the app and does not respect your freedom nor your privacy on its platforms (Youtube, GMail...) just doesn't feel right. We believe, that our userbase is well aware of the privacy concerns that come with using Google's Services, so many diaspora* users actually get their apps through F-Droid (which is great). Second, if a user that does not know about F-Droid yet wants to use dandelion* and searches for it, they'll hopefully find out about the F-Droid project and may get in touch with free software that way. So by not publishing to Google Play, we hope to get more people to understand, use and appreciate free and open source software.

If you find dandelion* on the Play Store, please be aware, that you likely just found a version built by someone else. We can not guarantee that such a version has not been tampered with in terms of #malware, so we highly discourage you to use it. It should be clear, that we'll never charge you any money for using, downloading, sharing or modifying the app. Note also, that we won't support those versions.

If you want to dontate to the project to support the developers, and keep them motivated, please feel free to contact us :D As always, you can help us by submitting bug reports, code and/or translations on github and crowdin.
PS: We maintainers (@gsantner and @vanitasvitae) will soon have more time again to actively work on the app. The last weeks we were distracted with educational work, so here is some background information:

@gsantner was working on another FLOSS app called Froody, which lets you share (naturally growing) food and other things with others. He hopes to enable people to live a more sustainable life. The main idea is to share to and help other people by e.g. sharing pears, which would rot anyway if unused.Everything is built with international use in mind. The app is available at https://github.com/froodyapp/froody-android, and is currently available in #English, #German and #Japanese. Also translatable on Crowdin. He also writes his bachlor thesis about Open Source and Android, which will be completed in summer and likely to be released in an appropiate free license.

@vanitasvitae is writing his bachelor thesis about an #OMEMO module for #Smack, a #XMPP library used by many free messengers like #Jitsi or #Kontalk.
He hopes to enable those messengers to #encrypt your communication end-to-end using the OMEMO protocol introduced by #conversations.
He'll also attend #FOSDEM in #brussels by the way, so if you are there you might meet him and chat a little ;)

Sharing welcome!



Bild/Foto

Tags: #dandelion #dandeliondev #diaspora #diasporaforandroid #diasporaandroid #diasporaapp #app #fdroid #freesoftware #opensource #google #play #store #app #android-dev #foss #freie-software #freesoftware #opensource #translation #translator #release #mobile #froody #froodyapp #omemo #security #sustainability #sustainable #thesis

Diaspora-for-Android/dandelion

dandelion* - unofficial diaspora* android client

 
Mobile OS - Lineage OS
App Store - F-Droid
Browser - IceCatMobile
Chat - Signal
Microblogging - Twidere
Voip - Ring
Email - K9 Mail
Cloud - Nextcloud
Social Network - MeWe
News - Courier
Anonymity - Tor
Map - OsmAnd
Firewall - NetGuard

-------

#mobile #smartphone #apps #showYourApps #privacy #security #software #freedom

 
| Translate | Gitter

Why we don't publish at the Play Store



We got some requests recently, asking, why we do not publish #dandelion at the #GooglePlay.So here are our main reasons, why we don't plan to uploadthe app there currently.

First of all, we do not comply with Googles terms of service. Having to pay ~25€ to Google who did not write the app and does not respect your freedom nor your privacy on its platforms (Youtube, GMail...) just doesn't feel right. We believe, that our userbase is well aware of the privacy concerns that come with using Google's Services, so many diaspora* users actually get their apps through F-Droid (which is great). Second, if a user that does not know about F-Droid yet wants to use dandelion* and searches for it, they'll hopefully find out about the F-Droid project and may get in touch with free software that way. So by not publishing to Google Play, we hope to get more people to understand, use and appreciate free and open source software.

If you find dandelion* on the Play Store, please be aware, that you likely just found a version built by someone else. We can not guarantee that such a version has not been tampered with in terms of #malware, so we highly discourage you to use it. It should be clear, that we'll never charge you any money for using, downloading, sharing or modifying the app. Note also, that we won't support those versions.

If you want to dontate to the project to support the developers, and keep them motivated, please feel free to contact us :D As always, you can help us by submitting bug reports, code and/or translations on github and crowdin.
PS: We maintainers (@gsantner and @vanitasvitae) will soon have more time again to actively work on the app. The last weeks we were distracted with educational work, so here is some background information:

@gsantner was working on another FLOSS app called Froody, which lets you share (naturally growing) food and other things with others. He hopes to enable people to live a more sustainable life. The main idea is to share to and help other people by e.g. sharing pears, which would rot anyway if unused.Everything is built with international use in mind. The app is available at https://github.com/froodyapp/froody-android, and is currently available in #English, #German and #Japanese. Also translatable on Crowdin. He also writes his bachlor thesis about Open Source and Android, which will be completed in summer and likely to be released in an appropiate free license.

@vanitasvitae is writing his bachelor thesis about an #OMEMO module for #Smack, a #XMPP library used by many free messengers like #Jitsi or #Kontalk.
He hopes to enable those messengers to #encrypt your communication end-to-end using the OMEMO protocol introduced by #conversations.
He'll also attend #FOSDEM in #brussels by the way, so if you are there you might meet him and chat a little ;)

Sharing welcome!



Bild/Foto

Tags: #dandelion #dandeliondev #diaspora #diasporaforandroid #diasporaandroid #diasporaapp #app #fdroid #freesoftware #opensource #google #play #store #app #android-dev #foss #freie-software #freesoftware #opensource #translation #translator #release #mobile #froody #froodyapp #omemo #security #sustainability #sustainable #thesis

Diaspora-for-Android/dandelion

dandelion* - unofficial diaspora* android client

 
| Translate | Gitter

Why we don't publish at the Play Store



We got some requests recently, asking, why we do not publish #dandelion at the #GooglePlay.So here are our main reasons, why we don't plan to uploadthe app there currently.

First of all, we do not comply with Googles terms of service. Having to pay ~25€ to Google who did not write the app and does not respect your freedom nor your privacy on its platforms (Youtube, GMail...) just doesn't feel right. We believe, that our userbase is well aware of the privacy concerns that come with using Google's Services, so many diaspora* users actually get their apps through F-Droid (which is great). Second, if a user that does not know about F-Droid yet wants to use dandelion* and searches for it, they'll hopefully find out about the F-Droid project and may get in touch with free software that way. So by not publishing to Google Play, we hope to get more people to understand, use and appreciate free and open source software.

If you find dandelion* on the Play Store, please be aware, that you likely just found a version built by someone else. We can not guarantee that such a version has not been tampered with in terms of #malware, so we highly discourage you to use it. It should be clear, that we'll never charge you any money for using, downloading, sharing or modifying the app. Note also, that we won't support those versions.

If you want to dontate to the project to support the developers, and keep them motivated, please feel free to contact us :D As always, you can help us by submitting bug reports, code and/or translations on github and crowdin.
PS: We maintainers (@gsantner and @vanitasvitae) will soon have more time again to actively work on the app. The last weeks we were distracted with educational work, so here is some background information:

@gsantner was working on another FLOSS app called Froody, which lets you share (naturally growing) food and other things with others. He hopes to enable people to live a more sustainable life. The main idea is to share to and help other people by e.g. sharing pears, which would rot anyway if unused.Everything is built with international use in mind. The app is available at https://github.com/froodyapp/froody-android, and is currently available in #English, #German and #Japanese. Also translatable on Crowdin. He also writes his bachlor thesis about Open Source and Android, which will be completed in summer and likely to be released in an appropiate free license.

@vanitasvitae is writing his bachelor thesis about an #OMEMO module for #Smack, a #XMPP library used by many free messengers like #Jitsi or #Kontalk.
He hopes to enable those messengers to #encrypt your communication end-to-end using the OMEMO protocol introduced by #conversations.
He'll also attend #FOSDEM in #brussels by the way, so if you are there you might meet him and chat a little ;)

Sharing welcome!



Bild/Foto

Tags: #dandelion #dandeliondev #diaspora #diasporaforandroid #diasporaandroid #diasporaapp #app #fdroid #freesoftware #opensource #google #play #store #app #android-dev #foss #freie-software #freesoftware #opensource #translation #translator #release #mobile #froody #froodyapp #omemo #security #sustainability #sustainable #thesis

Diaspora-for-Android/dandelion

dandelion* - unofficial diaspora* android client

 
| Translate | Gitter

Why we don't publish at the Play Store



We got some requests recently, asking, why we do not publish #dandelion at the #GooglePlay.So here are our main reasons, why we don't plan to uploadthe app there currently.

First of all, we do not comply with Googles terms of service. Having to pay ~25€ to Google who did not write the app and does not respect your freedom nor your privacy on its platforms (Youtube, GMail...) just doesn't feel right. We believe, that our userbase is well aware of the privacy concerns that come with using Google's Services, so many diaspora* users actually get their apps through F-Droid (which is great). Second, if a user that does not know about F-Droid yet wants to use dandelion* and searches for it, they'll hopefully find out about the F-Droid project and may get in touch with free software that way. So by not publishing to Google Play, we hope to get more people to understand, use and appreciate free and open source software.

If you find dandelion* on the Play Store, please be aware, that you likely just found a version built by someone else. We can not guarantee that such a version has not been tampered with in terms of #malware, so we highly discourage you to use it. It should be clear, that we'll never charge you any money for using, downloading, sharing or modifying the app. Note also, that we won't support those versions.

If you want to dontate to the project to support the developers, and keep them motivated, please feel free to contact us :D As always, you can help us by submitting bug reports, code and/or translations on github and crowdin.
PS: We maintainers (@gsantner and @vanitasvitae) will soon have more time again to actively work on the app. The last weeks we were distracted with educational work, so here is some background information:

@gsantner was working on another FLOSS app called Froody, which lets you share (naturally growing) food and other things with others. He hopes to enable people to live a more sustainable life. The main idea is to share to and help other people by e.g. sharing pears, which would rot anyway if unused.Everything is built with international use in mind. The app is available at https://github.com/froodyapp/froody-android, and is currently available in #English, #German and #Japanese. Also translatable on Crowdin. He also writes his bachlor thesis about Open Source and Android, which will be completed in summer and likely to be released in an appropiate free license.

@vanitasvitae is writing his bachelor thesis about an #OMEMO module for #Smack, a #XMPP library used by many free messengers like #Jitsi or #Kontalk.
He hopes to enable those messengers to #encrypt your communication end-to-end using the OMEMO protocol introduced by #conversations.
He'll also attend #FOSDEM in #brussels by the way, so if you are there you might meet him and chat a little ;)

Sharing welcome!



Bild/Foto

Tags: #dandelion #dandeliondev #diaspora #diasporaforandroid #diasporaandroid #diasporaapp #app #fdroid #freesoftware #opensource #google #play #store #app #android-dev #foss #freie-software #freesoftware #opensource #translation #translator #release #mobile #froody #froodyapp #omemo #security #sustainability #sustainable #thesis

Diaspora-for-Android/dandelion

dandelion* - unofficial diaspora* android client

 

2FA for SSH and a new phone



Maybe this is useful for some of you.
I bought a new phone some days ago. Then I stumbled upon a problem with 2-factor-auth app Google Authenticator. There is no option to export the registered 2FA apps. Google itself and Amazon are providing simple possibilities to switch the second factor to a new device in your account settings. You need to rescan the qrcode with the new device and that's it.
But I also use 2FA for SSH access to my linux based server. Hmm... Fortunately, there is a way. Login to the machine with a code from Google Authenticator app on your current device. Then list the content of the file '.google_authenticator'. In line 1 you'll find the secret (key). Use this secret to register your SSH access on your new device/phone. Done. :)

#ssh #2fa #googleauthenticator #security

 

2FA for SSH and a new phone



Maybe this is useful for some of you.
I bought a new phone some days ago. Then I stumbled upon a problem with 2-factor-auth app Google Authenticator. There is no option to export the registered 2FA apps. Google itself and Amazon are providing simple possibilities to switch the second factor to a new device in your account settings. You need to rescan the qrcode with the new device and that's it.
But I also use 2FA for SSH access to my linux based server. Hmm... Fortunately, there is a way. Login to the machine with a code from Google Authenticator app on your current device. Then list the content of the file '.google_authenticator'. In line 1 you'll find the secret (key). Use this secret to register your SSH access on your new device/phone. Done. :)

#ssh #2fa #googleauthenticator #security

 

WhatsApp backdoor allows snooping on encrypted messages


A security backdoor that can be used to allow Facebook and others to intercept and read encrypted messages has been found within its WhatsApp messaging service.

[ #WhatsApp #messenger #security #encryption ]

WhatsApp backdoor allows snooping on encrypted messages

Privacy campaigners criticise WhatsApp vulnerability as a ‘huge threat to freedom of speech’ and warn it could be exploited by government agencies

 
Hallo Ihr Lieben! #neuhier #newhere
Nachdem ich mich ein wenig bei #Diaspora eingelebt habe, residiere ich mittlerweile (vorerst, aber geplant für immer wenn´s gut läuft) auf eigenem #Friendica Server.

Meine Timeline ist schon etwas gefüllter, aber dennoch zu leer und ich bin wirklich interessiert an neuen und freundlichen Kontakten, rund um #Internet, #Gaming, #Freiheit, #Outdoor, #Events, #Informatik, #Anonymität, #Security, #Retro usw. Freue mich deshalb über jede Kontaktanfrage. Auch sehr gerne Menschen die aktuelle #Nachrichten aus dem #Weltgeschehen oder bestimmten Themen posten.

Bitte verzeiht, dass ich das Thema ein zweites Mal poste (erste Mal war an Weihnachten). Da ich nicht zum Spammer mutieren möchte, wird es natürlich auch das letzte mal sein, dass ich den #neuhier Tag schamlos ausnutze ;). Danke.

Beste Grüße!

 
"Yes, I want my browser to remember my details because I'm too lazy to type on this keyboard. Please take my details"

https://www.theguardian.com/technology/2017/jan/10/browser-autofill-used-to-steal-personal-details-in-new-phising-attack-chrome-safari

#spying #browser #phishing #chrome #safari #security #hacking #internet

Browser autofill used to steal personal details in new phishing attack

Chrome, Safari, Opera and extensions such as LastPass can be tricked into leaking private information using hidden text boxes, developer finds