
Posts tagged with Security


 
# arch-audit -u
Package kauth is affected by CVE-2017-8422. High risk!Update to 5.33.0-2!

Ok, thank you arch-audit.

#security #archlinux #kde

 

How hackers can hijack brainwaves to capture your passwords


Researchers have demonstrated how a headset which uses your brain power to control other devices can be turned against you to grab passwords and PIN numbers.

[ #security #passwords #headset #EEG ]

http://www.zdnet.com/article/how-hackers-use-brainwaves-to-capture-your-passwords/

How hackers can hijack brainwaves to capture your passwords | ZDNet

Researchers argue that gadgets which use EEG signals could become very dangerous in the future.

 

WikiLeaks reveals CIA tool for local MITM attacks


Whistleblower site WikiLeaks has revealed a new CIA tool with which the American intelligence service can carry out man-in-the-middle attacks on local networks.

[ #security #CIA #WikiLeaks #malware #Archimedes ]

https://www.security.nl/posting/513700/WikiLeaks+onthult+CIA-tool+voor+lokale+mitm-aanvallen

WikiLeaks reveals CIA tool for local MITM attacks

Whistleblower site WikiLeaks has revealed a new CIA tool with which the American intelligence service ...

 
The #Security patches from April 5 are included too.

 
Hmm...my GNU/Linux system doesn't exfiltrate _any_ of this stuff; I fear that my system must not be "secure" and may not be "operating properly"!

https://technet.microsoft.com/itpro/windows/configure/windows-diagnostic-data

(But in all seriousness, what the FUCK!)

#WindowsWasMyIdea #privacy #security

Windows 10, version 1703 Diagnostic Data (Windows 10)

Use this article to learn about the types of data that is collected at the Full telemetry level.

 
#podmin #poddapornet #router #security

https://pod.dapor.net is now secured by a pfsense (https://www.pfsense.org) Firewall.

The old one (Sophos UTM9) took too much performance from the pod.

If you have any inconvenience let me know.....

Good night ;) --> BOFH ;)

pod.dapor.net*

diaspora* is the online social world where you are in control.

 
@Adam Hunt

Did you get the news about the #IMSI #Catcher in #Ottawa last week?
There is a cluster of IMSI-Catchers in the centre of Ottawa, found by Canadian journalists.
With this Catcher you can hear, #track and #manipulate anything transmitted from and to the phone.

By the way, they used a mobile phone from a German brand to find it.

I only have the news in #german...

#nsa #security #surveillance

 
pod.dapor.net

updated to:

diaspora* security release 0.6.4.1

#diaspora #security #update #release #0641

 
Internet of Shit: #Miele Professional PG 8528 - Web Server Directory Traversal http://seclists.org/fulldisclosure/2017/Mar/63 #security

Full Disclosure: [CVE-2017-7240] Miele Professional PG 8528 - Web Server Directory Traversal


 

 

Lack of security patching leaves mobile users exposed


An analysis of the patch updates among the five leading wireless carriers in the United States found that 71 percent of mobile devices still run on security patches more than two months old.

[ #mobile #smartphones #security ]

https://www.helpnetsecurity.com/2017/03/24/lack-security-patching-leaves-mobile-users-exposed/

 

Vulnerabilities in D-Link routers give attacker the administrator password


Two security vulnerabilities in routers from manufacturer D-Link make it possible for an attacker to remotely obtain the device's administrator password, and an update is not yet available. The first vulnerability is in the device's remote login page.

[ #security #router #beveiligingslekken ]

https://www.security.nl/posting/507521/Lekken+in+D-Link-routers+geven+aanvaller+beheerderswachtwoord

Vulnerabilities in D-Link routers give attacker the administrator password

Two security vulnerabilities in routers from manufacturer D-Link make it possible for an attacker to remotely ...

 

Open Source and Update Resistance | OSB – Open Source Business Alliance


The Greens, for example, stated that only an unimportant server with old campaign material was affected. This shows an obvious ignorance of how such attacks proceed. And a criminally negligent attitude towards IT security.
Organizations and private individuals use Nextcloud and Owncloud because they distrust public cloud storage offerings and fear data loss or snooping on their privacy. From this it should naturally follow that users also take measures to prevent such attacks on their own cloud storage. Updates are indispensable for this. However, it is not only the users who bear responsibility here.

http://osb-alliance.de/blog/open-source-und-die-update-resistenz

#foss #security #it #nextcloud

 

Apache servers under attack through easily exploitable Struts 2 flaw


A critical vulnerability in Apache Struts 2 is being actively and heavily exploited, even though the patch for it has been released on Monday.

[ #server #admin #security #apache ]

https://www.helpnetsecurity.com/2017/03/09/apache-struts-2-attack/

Apache servers under attack through easily exploitable Struts 2 flaw - Help Net Security

A critical vulnerability in Apache Struts 2 is being actively and heavily exploited, even though the patch for it has been released.

 
With Fairphone OS you can free yourself from Google's tentacles and keep control of your data: https://www.kuketz-blog.de/fairphone-2-wie-man-ein-smartphone-etwas-duemmer-macht/

#security #privacy #android #fairphone #datenschutz #afwall #xprivacy

Fairphone 2: How to make a smartphone a little dumber • Kuketz IT-Security Blog

With Fairphone OS you can free yourself from Google's tentacles and keep control of your data

 
DiWiSH IT #Security working group at New Energy Husum together with @energynetworkSH & watt_2.0

DiWiSH IT Security working group: IT security for renewable energy - DiWiSH – Digitale Wirtschaft Schleswig-Holstein (cluster management)

Most operators of renewable energy generation plants do not, because of their size (< 450 MW installed capacity), fall under the classification for critical …

 

 

Poll about strict certificate checking


Hello admins of nodes, pods and hubs of the federated network,

in Friendica there is an option to verify SSL certificates.

Verify SSL
If you wish, you can turn on strict certificate checking. This will mean you cannot connect (at all) to self-signed SSL sites.


The strict certificate checking is disabled by default. I always ask myself, should I enable it for the sake of security or should I leave it alone and allow communication with servers with bad or self-signed certificates?
What do you think? How do you handle this?

#diaspora #friendica #hubzilla #ssl #security @Friendica Support

 
Bundesnetzagentur: Doll ban endangers the smart home and tinkerers - Golem.de
https://www.golem.de/news/bundesnetzagentur-puppenverbot-gefaehrdet-das-smart-home-und-bastler-1702-126262.html
#Spielzeug #Bundesnetzagentur #Cookies #Datenschutz #Verbraucherschutz #API #Security

Bundesnetzagentur: Doll ban endangers the smart home and tinkerers - Golem.de

A decision by the Bundesnetzagentur could turn smart-home fans and tinkerers into criminals. Yet the legal basis is far from that clear,

 

 

Why we don't publish at the Play Store



We got some requests recently, asking, why we do not publish #dandelion at the #GooglePlay. So here are our main reasons, why we don't plan to upload the app there currently.

First of all, we do not comply with Google's terms of service. Having to pay ~25€ to Google who did not write the app and does not respect your freedom nor your privacy on its platforms (Youtube, GMail...) just doesn't feel right. We believe, that our userbase is well aware of the privacy concerns that come with using Google's Services, so many diaspora* users actually get their apps through F-Droid (which is great). Second, if a user that does not know about F-Droid yet wants to use dandelion* and searches for it, they'll hopefully find out about the F-Droid project and may get in touch with free software that way. So by not publishing to Google Play, we hope to get more people to understand, use and appreciate free and open source software.

If you find dandelion* on the Play Store, please be aware, that you likely just found a version built by someone else. We can not guarantee that such a version has not been tampered with in terms of #malware, so we highly discourage you to use it. It should be clear, that we'll never charge you any money for using, downloading, sharing or modifying the app. Note also, that we won't support those versions.

If you want to donate to the project to support the developers, and keep them motivated, please feel free to contact us :D As always, you can help us by submitting bug reports, code and/or translations on github and crowdin.
PS: We maintainers (@gsantner and @vanitasvitae) will soon have more time again to actively work on the app. The last weeks we were distracted with educational work, so here is some background information:

@gsantner was working on another FLOSS app called Froody, which lets you share (naturally growing) food and other things with others. He hopes to enable people to live a more sustainable life. The main idea is to share to and help other people by e.g. sharing pears, which would rot anyway if unused. Everything is built with international use in mind. The app is available at https://github.com/froodyapp/froody-android, and is currently available in #English, #German and #Japanese. Also translatable on Crowdin. He also writes his bachelor thesis about Open Source and Android, which will be completed in summer and likely to be released in an appropriate free license.

@vanitasvitae is writing his bachelor thesis about an #OMEMO module for #Smack, a #XMPP library used by many free messengers like #Jitsi or #Kontalk.
He hopes to enable those messengers to #encrypt your communication end-to-end using the OMEMO protocol introduced by #conversations.
He'll also attend #FOSDEM in #brussels by the way, so if you are there you might meet him and chat a little ;)

Sharing welcome!




Tags: #dandelion #dandeliondev #diaspora #diasporaforandroid #diasporaandroid #diasporaapp #app #fdroid #freesoftware #opensource #google #play #store #app #android-dev #foss #freie-software #freesoftware #opensource #translation #translator #release #mobile #froody #froodyapp #omemo #security #sustainability #sustainable #thesis

Diaspora-for-Android/dandelion

dandelion* - unofficial diaspora* android client

 

Encrypted chat app Wickr opens code for public review


Security researchers have wanted a peek at Wickr’s code since the secure messaging app launched in 2012, and now they’re finally getting that chance. Wickr is publishing its code for Wickr Professional, the subscription-based enterprise version of its free messaging app, today for public review.

[ #chat #messenger #security #encryption #Wickr ]

TechCrunch: Encrypted chat app Wickr opens code for public review (Kate Conger)

Security researchers have wanted a peek at Wickr's code since the secure messaging app launched in 2012, and now they're finally getting that chance. Wickr..

 

Ghacks.net Firefox privacy and security user.js 0.11 is out


The most comprehensive Firefox privacy and security settings collection has been updated to version 0.11 to take into account changes in newer versions of Firefox.

[ #browser #Firefox #Mozilla #privacy #security ]

http://www.ghacks.net/2017/02/12/ghacks-net-firefox-user-js-config-0-11-is-out/

 
#security #passwords #gpgp #gnupgp #passbolt #internet #passwort #sicherheit #web

https://www.passbolt.com/

I have just found the alpha of #Passbolt and tried it on my server.

I think it is a great idea and looks very safe -> if you want to test it do not be shy and go to https://pass.dapor.net and create an account.

All data is encrypted with your private key - no one else is able to read or decrypt it.

There are Plugins for #Chrome and #Firefox

Passbolt | Open source password manager for teams

Passbolt is a free open source password manager for teams. Try our online demo!

 
Qubes OS is so nice. Just the fact that I can have two different Tor Browsers open at the same time (security settings low and high) is worth it.

#qubes #qubes-os #linux #security #tor

Qubes OS Project

Qubes is a security-oriented, open-source operating system for personal computers.

 

Dear friends of #privacy, here are the best add-ons for your #Firefox to increase #security and #anonymity ...

Thank you for your attention

Do you have more tips what we can do to increase our privacy?
please see also:
  • https://www.joindiaspora.com/posts/2967813
  • https://www.joindiaspora.com/posts/2762327

#freedom #internet #browser #www #surveillance #nsa

Privacy Settings

Alter Firefox's built-in privacy settings easily with a toolbar panel.

 


 

 
That's what you get for finding security bugs in #Nextcloud - plus monies, of course, up to USD 5000. Check out https://hackerone.com/nextcloud

And yes, dear users, that is how we help others help keep you secure! #security

https://www.facebook.com/photo.php?fbid=1919370441625375&set=a.1414437882118636.1073741831.100006573132584&type=3&theater

 
Arrest: Venezuelan Bitcoin miners allegedly endanger the power grid - Golem.de
http://www.golem.de/news/festnahme-venezolanische-bitcoin-miner-sollen-stromnetz-gefaehrden-1701-125834.html
#Bitcoin #ASIC #Blockchain #Internet #PolitikRecht #Security

Arrest: Venezuelan Bitcoin miners allegedly endanger the power grid - Golem.de

What to do when faced with bitter poverty and an electricity price that tends towards zero? Bitcoin mining! That's what many citizens in Venezuela think. Some apparently overdid it and were

 

 