Items tagged with: security


 
In a software package for medical practices, the update process ran unprotected over an rsync connection. The manufacturer of the software is trying to ... reporting on it #Medizin #Datensicherheit #Man-in-the-Middle #Sicherheitslücke #Unternehmenssoftware #Server #Applikationen #Security #Wirtschaft

 
#BleepingComputer #Privacy #Security #Moscow #Russia #BraveNewWorld

 
Awesome, just configured the Firefox addon "Temporary Containers" to open every non "always open in"-tab as temporary tab.

This prevents a lot of CSRF attacks, even when websites themselves didn't implement proper measures.

To implement it I use those two addons:

https://addons.mozilla.org/en-US/firefox/addon/multi-account-containers/

and:

https://addons.mozilla.org/en-US/firefox/addon/temporary-containers/

#firefox #containers #infosec #security

 
Malicious Python libraries stealing OpenPGP and SSH keys:

https://www.zdnet.com/article/two-malicious-python-libraries-removed-from-pypi/

– Look for python3-dateutil, and jeIlyfish.
– Both modules try to exfiltrate SSH/OpenPGP keys and send them to an IP address.
– This is the third time the PyPI team intervenes to remove typo-squatted malicious Python libraries from the official repository.

#python #malware #pypi #infosec #security #cybersecurity

 
Any recommendation for an outdoor IP cam which does motion detection and is able to save images or videos on any server I want? No Chinese cloud or other manufacturer-owned servers. Smartphone app not required but welcome.

#ipcam #security #ipcamera

 

Private Internet Access VPN to be acquired by malware company founded by former Israeli spy

Private Internet Access is in the process of being acquired by Kape Technologies.


Kape Technologies is better known by the name under which they were formerly incorporated, "Crossrider", but make no mistake: they are the same company which became notorious as an adware/malware producer.
#PIA #PrivateInternetAccess #VPN #Crossrider #KapeTechnologies #unit8200 #security #privacy

 

Data leak: data of 20 million Mixcloud users on the darknet - Golem.de

@Herr Von Sinnen Don't you use the service?

#mixcloud #security #leak

 
Keeping your account secure is a top priority.

We'll be rolling out Security Checkup next week; it will periodically remind users to secure their account!

#pixelfed #security

 
We are often asked: why does the Librem 5 cost that much? Because we are "Breaking Ground" https://puri.sm/posts/breaking-ground/ https://youtu.be/IQIxr5qcasQ

When you order a #Librem5 you get a #Linux desktop in your pocket and support an #EthicalTech future where our #privacy and data aren't exploited by #BiGTech for profit https://puri.sm/products/librem-5/ #security

 
Can anyone recommend an encrypted cloud storage provider in Germany:

- Transport encryption
- Files encrypted (256-bit)
- Server location Germany / Switzerland
- File sharing possible

Thanks

#Server #Cloud #Verschlüsselung #Encrypted #security

 
Sloppiness at mobile carriers: SMS successor becomes a security risk
https://www.spiegel.de/netzwelt/netzpolitik/rcs-sms-nachfolger-wird-zum-sicherheitsrisiko-a-1298969.html

And the user can't do anything about it. He is affected even if he doesn't use RCS at all...

#security

 
#PaperbackCLI is a #paper-based #backup system.

Paperback-cli is a tool which encodes any file into a very large 2D #barcode which can be decoded back into the original file. The encoded barcode is resilient to errors and can be printed onto a piece of paper to later be scanned and decoded. Paperback-cli can encode upwards of 500 kB of raw data per laser-printed page.

Website 🔗️: https://git.teknik.io/scuti/paperback-cli

#free #opensource #foss #fossmendations #security

 
#BleepingComputer #Internet #Malware #Security #AdFraud

 
Mastercard Bans Automatic Billing After Free Trials | News & Opinion | PCMag.com https://www.pcmag.com/news/366051/mastercard-bans-automatic-billing-after-free-trials
Isn't it annoying when you sign up for a free trial, and forget to cancel before the company starts billing you? Mastercard apparently thinks so, because it will no longer allow the practice on its accounts.
#security

 

#ISupportFreeSoftware #joinFSFnow


@Free Software Foundation is aiming to become 600+ new members stronger this year.
  • If you are already a member, don’t forget to renew your membership and to encourage others to join.
  • If you are not yet a member, but already value the 4 essential software freedoms, then join FSF now: https://my.fsf.org/join.
  • If you don’t value the 4 software freedoms yet, then think again.

Use hashtags #ISupportFreeSoftware and #joinFSFnow to drive the conversation on social media.

#fsf #free-software #privacy #security #software #freedom #open-source #opensource #foss #floss #freesoftware

 

Officials warn about the dangers of using public USB charging stations | ZDNet

Using USB condoms...
#usb #security

 
Replace your exploit-ridden firmware with a Linux kernel (PDF)...

RESULT:
● OCP boot time: 8 minutes -> 17 seconds
○ i.e. 32x speedup
○ This is to a shell prompt in Linux
● OCP -> DHCP -> wget -> kexec: 20 seconds
● All userland written in Go
● Linux performance and reliability in firmware
● Eliminate all UEFI/ME post-boot activity

THE PROBLEM:
● Linux no longer controls the x86 platform
● Between Linux and the hardware are at least 2 ½ kernels
● They are completely proprietary and (perhaps not surprisingly) exploit-friendly
● And the exploits can persist, i.e. be written to FLASH, and you can't fix that

The operating systems

Code you know about and x86 CPU you know about:
Ring 3 (User)
Ring 0 (Linux)
Ring -1 (Xen etc.)

Code you don't know about and x86 CPU you know about:
Ring -2 kernel and ½ kernel. Control all CPU resources. Invisible to Ring -1, 0, 3.
SMM ½ kernel. Traps to 8086 16-bit mode.
UEFI kernel running in 64-bit paged mode.

Code you don't know about and x86 CPU(s) you don't know about:
Ring -3 kernels: Management Engine, ISH, IE. Higher privilege than Ring -2. Can turn on node and reimage disks invisibly. Minix 3.

What's in ring -2 and ring -3?
● IP stacks (4 and 6)
● File systems
● Drivers (disk, net, USB, mouse)
● Web servers
● Passwords (yours)
● Can reimage your workstation even if it's powered off

Ring -3 OS: ME (Management Engine)

● Full Network manageability
● Regular Network manageability
● Manageability
● Small business technology
● Level III manageability
● Intel® Anti-Theft (AT)
● Intel® Capability Licensing Service (CLS)
● Intel® Power Sharing Technology (MPC)
● ICC Over Clocking
● Protected Audio Video Path (PAVP)
● IPV6
● KVM Remote Control (KVM)
● Outbreak Containment Heuristic (OCH)
● Virtual LAN (VLAN)
● TLS
● Wireless LAN (WLAN)

Vassilios Ververis: https://goo.gl/j7Jmx5
● Great overview of many early ME flaws
● Summary: just about every part of the ME software can be attacked
● Only some of the bugs get fixed ...

'Intel ME exploit': 50M hits
● "Wired" headline: "HACK BRIEF: INTEL FIXES A CRITICAL BUG THAT LINGERED FOR 7 DANG YEARS"
● How many is that? One billion systems?
● Bug was in the built-in web server in the ME
○ Yep: the hidden CPU had a web server
○ That evidently you can't turn off
○ Even though docs said you could

Ring -2 "½ OS": System Management Mode (SMM)
● Originally used for power management
● No time for full details but ...
○ Vectors to 8086 16-bit mode code
■ i.e. great place for an attack
○ All kinds of interrupts can go here, e.g. USB
○ Nowadays almost all of these go out again to ACPI
● That said, it's a very nasty bit of code
● Vendors use it as a secret way to "value-add"

#LINUX #GNU #IME #SECURITY #COMPUTER #HARDWARE #SOFTWARE #HACKER #GO #KERNEL #PDF

 

Invasive scheme spotted that foxes tracker blockers | TechCrunch

The tracker in question was spotted being deployed by French national newspaper, Liberation, which in October promised subscribers an entirely tracker-free experience.

That promise garnered it a bunch of attention from privacy experts who dug around and found a first-party tracker embedded on its site which uses a subdomain (that’s mostly random) in order to redirect to a third party — thereby making it difficult to block (i.e. without also blocking Liberation’s own domain).
#technology #internet #privacy #security #tracker

 

#Tesla #Powerwall 2 #security is rather poor: https://github.com/hackerschoice/thc-tesla-powerwall2-hack

Their default password is "2019". Seriously? 🙄

 
Attention #Nextcloud admins: a ransomware is apparently attacking Nextcloud servers right now. At the moment the attack vector still seems to be unknown: https://www.heise.de/security/meldung/Ransomware-NextCry-greift-Nextcloud-Server-an-4588421.html
If not already done, it is now high time to think about a backup concept for your own Nextcloud. #security

 
New NextCry Ransomware Encrypts Data on NextCloud Linux Servers: https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/

#BleepingComputer #NextCloud #Malware #Ransomware #Security #Linux

 

The ESP32, Laid Bare

#microcontrollers #news #securityhacks #esp32 #glitching #security #hackaday
posted by pod_feeder_v2

 


How terrible software design decisions led to Uber's deadly 2018 crash

https://arstechnica.com/cars/2019/11/how-terrible-software-design-decisions-led-to-ubers-deadly-2018-crash/
The NTSB report includes a second-by-second timeline showing what the software was "thinking" as it approached Herzberg, who was pushing a bicycle across a multi-lane road far from any crosswalk:

- 5.2 seconds before impact, the system classified her as an "other" object.
- 4.2 seconds before impact, she was reclassified as a vehicle.
- Between 3.8 and 2.7 seconds before impact, the classification alternated several times between "vehicle" and "other."
- 2.6 seconds before impact, the system classified Herzberg and her bike as a bicycle.
- 1.5 seconds before impact she became "unknown."
- 1.2 seconds before impact she became a "bicycle" again.
#uber, #security, #self-driving-car

 


Laser-Based Audio Injection on Voice-Controllable Systems

#cellphonehacks #laserhacks #audio #lasers #security #sound #thephotoacousticeffect #hackaday
posted by pod_feeder_v2

 

Laser-Based Audio Injection on Voice-Controllable Systems
Light Commands is a vulnerability of MEMS microphones that allows attackers to remotely inject inaudible and invisible commands into voice assistants, such as Google Assistant, Amazon Alexa, Facebook Portal, and Apple Siri, using light. In our paper we demonstrate this effect, successfully using light to inject malicious commands into several voice-controlled devices such as smart speakers, tablets, and phones across large distances and through glass windows.

https://lightcommands.com/
#Security #Hacking #Cloud

 
Falsehoods Computer Science Students (Still) Believe Upon Graduating:

https://www.netmeister.org/blog/cs-falsehoods.html

Security-related myths:

– Open Source means it has fewer bugs and is more secure.
– 'Privacy' and 'Confidentiality' are synonymous.
– 'Encryption' and 'Security' are synonymous.

(And no, most CS students are neither good programmers nor security specialists upon graduating.)

#falsehoods #myths #infosec #cybersecurity #security

 
#OPNsense 19.7.6 released opnsense.org/opnsense-19-7-… #security #update

 
/* With this, Startpage is now burned */ #security
Startpage sells company shares to System1 LLC

 
Brutalization on social media: state anti-Semitism commissioner leaves Facebook - Golem.de
https://www.golem.de/news/verrohung-in-social-media-landes-antisemitismusbeauftragter-verlaesst-facebook-1910-144690.html
#Facebook #Datenschutz #Datensicherheit #Diskriminierung #SozialesNetz #Twitter #Internet #Security

 
This page from @info_activism is a treasure trove of useful stuff: "Everyday steps you can take to control your digital #privacy, #security, and #wellbeing in ways that feel right to you." #digitaldetox #datadetox https://datadetoxkit.org/