snarl.de


Posts tagged with Security

How #Plex is doing #HTTPS for all its users

source: https://blog.filippo.io/how-plex-is-doing-https-for-all-its-users/

* the "jolly" #DNS setup allows the client to connect to the server with any IP it wants - for example 192.168.1.7 when at home, 1.2.3.4 when not - which can change without waiting for any DNS propagation time
* the wildcard certificate is valid whatever the IP used
* the user/server/whatever hash makes it so a #certificate can only be used to authenticate a specific server (even if it can have any IP) which makes it safe to hand the private key to the user
* since the root domain is plex.direct they won't have any trouble doing the required #...
 

Never trust the cops ...

source: https://nakedsecurity.sophos.com/2018/01/12/police-give-out-infected-usbs-as-prizes-in-cybersecurity-quiz/

#security #usb #fail #news #police

Naked Security: Police give out infected USBs as prizes in cybersecurity quiz (Lisa Vaas)

Quiz winners at a data security expo were given USBs, which had been accidentally infected with executable malware files
 

#Pakistan is not allied with the U.S. anymore...

Source: https://www.rt.com/news/415483-pakistan-suspend-military-us/

#news #security #politics

Pakistan ‘drops military & intel ties’ with US after Trump’s aid cuts – minister

Islamabad is suspending military ties and intelligence sharing with the US, the Pakistani defense minister said, following accusations and aid cuts by President Donald Trump.
 

How I Socially Engineer Myself Into High #Security Facilities

source: https://motherboard.vice.com/en_us/article/qv34zb/how-i-socially-engineer-myself-into-high-security-facilities
I get paid to think like a criminal. Organizations hire me to evaluate their security, which I do by seeing if I can bypass it. During tests I get to do some lockpicking, climb over walls or hop barbed wire fences.
#news #job

How I Socially Engineer Myself Into High Security Facilities

A pentester shares a story that shows how social engineering can get you anywhere.
 

#Meltdown and #Spectre: Breakdown of The recent CPU #Security #Bug


Meltdown and Spectre: Breakdown of The recent CPU Security Bug

Both exploits abuse speculative execution to access "privileged memory" and allow a lower-privilege user process to read it.
 

All CPUs are broken :(

source: https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html

#security #cpu #fail #amd #arm #intel #bug #hardware #news

Today's CPU vulnerability: what you need to know

Posted by Matt Linton, Senior Security Engineer and Pat Parseghian, Technical Program Manager [For technical details about this issue, ple...
 

Meltdown and Spectre

Bugs in modern computers leak passwords and sensitive data.

Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware bugs allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs. This might include your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents.

Meltdown and Spectre work on personal computers, mobile devices, and in the cloud. Depending on the cloud provider's infrastructure, it might be possible to steal data from other customers.
https://spectreattack.com/

https://meltdownattack.com/

#intel #infosec #security

Meltdown and Spectre

 
“use signal, use tor” is a great way to get a person to think #security is a magic bullet solved with apps instead of a process of identifying and mitigating risks. “use pgp” is a great way to make people think this is impossible magic. not everyone’s adversary is the NSA. not everyone can afford a device that gets security updates. not everyone has a single static identity. not everyone can use a phone number as an identifier like Signal requires.
 

2017 was not a good year for privacy or security

Okay that was an understatement, as Zack Whittaker catalogs:

* 2017 was a dumpster fire of privacy and security screw-ups on #ZDNet

#privacy #security #phone #cellphone #surveillance

2017 was a dumpster fire of privacy and security screw-ups

2016 may have killed every famous person we ever cared about, but it was tame compared to the dumpster fire of security screw-ups and privacy violations that 2017 had in store. Here's our look back.
 

A #Digital #Geneva #Convention to protect #cyberspace ... from #Microsoft - #WTF?!

source: https://www.microsoft.com/en-us/cybersecurity/content-hub/a-digital-geneva-convention-to-protect-cyberspace

#humanrights #economy #security #surveillance #privacy #news

A Digital Geneva Convention to protect cyberspace | Microsoft Cybersecurity

Effective cybersecurity is critical to international peace and economic stability. The Digital Geneva Convention can play the central role in safeguarding citizens from state-led cyberattacks.
 

Home Economics: How Life in 123 Million American Households Was Exposed #Online

source: https://www.upguard.com/breaches/cloud-leak-alteryx
While the Census #data consists entirely of publicly accessible statistics and information, Experian’s ConsumerView #marketing #database, a product sold to other enterprises, contains a mix of public details and more sensitive data. Taken together, the exposed data reveals billions of personally identifying details and data points about virtually every American household.
...
On October 6, 2017, UpGuard Director of Cyber Risk Research Chris Vickery discovered an Amazon Web Services S3 cloud storage bucket located at
 

#MobileCoin the new #cryptocurrency from Moxie #Marlinspike

source: https://www.mobilecoin.com

The #security is based on #Intel's Software Guard Extensions #SGX.

Can we trust Intel? Is every Intel server a Panama Paradise?
#news #software #currency #bitcoins

MobileCoin

 

Donald #Trump to drop #climate #change from list of national #security threats

source: https://www.independent.co.uk/environment/donald-trump-climate-change-national-secuirty-security-threats-global-warming-environment-clean-coal-a8116326.html

#politics #usa #environment #news

Donald Trump to drop climate change from list of national security threats

Donald Trump is to remove climate change from the global threats listed in his National Security Strategy, due to be released on Monday. The new position is a reversal of the Obama administration’s decision to place climate change in the strategy, a decision which Mr Trump mocked on the campaign trail. The last such strategy document, prepared in 2015, declared climate change an "urgent and growing threat to our national security". 
 

It’s Official: #NorthKorea Is Behind #WannaCry

source: https://www.wsj.com/articles/its-official-north-korea-is-behind-wannacry-1513642537

This is clear #fake #news!

The #NSA is responsible because they didn't report the #vulnerability to #Microsoft. In doing so, they have compromised the #security of all #Windows users and made themselves clearly guilty.
#internet #politics #usa #fnord #covfefe #fail

It’s Official: North Korea Is Behind WannaCry

The massive cyberattack cost billions and put lives at risk. Pyongyang will be held accountable.
 

Nearly a quarter of all queries blocked by Pi-hole

Pi-hole, the black hole for internet advertisement, is blocking nearly a quarter of all queries. The tool saves bandwidth as most ads never reach my ad-blocker. I am using #ublock to filter out the rest of the crap and to fight tracking. The internet has become a battlefield just like any other place in the world. Thank you, #capitalism!

#netneutrality #adblocker #freedom #security #privacy
 
(I think) similar article for English speakers:

https://gnusocial.no/url/697996

#privacy #security

Facial recognition surveillance test extended at Berlin train station | In Depth | DW | 15.12.2017

Germany's interior minister says that a new electronic anti-crime identification system works well but needs more testing. Data protection activists, however, are very concerned about the number of false identifications.
 

#HTTP connections are dangerous via the #Tor #browser

HTTP connections can be manipulated. The content can be changed or JavaScript can be integrated. They are therefore always potentially at risk. It is assumed that some exit nodes in the Tor network are operated by organized crime, such as the secret services. They can change downloads via HTTP connections to take over your system.

Better use only #https connections via Tor.

You can use NoHTTP -> https://addons.mozilla.org/en-US/firefox/addon/nohttp/
This add-on will prevent any insecure HTTP connection.

Or use Smart HTTPS -> https://addons.mozilla.org/en-US/firefox/addon/smart-https-revived/
This add-on automatically changes HTTP addresses to the secure HTTPS, and if loading encounters an error, reverts it back to HTTP.
#security #privacy #onion #instructions #knowhow #firefox #intelligence #download #online #internet #itnews

NoHTTP – Add-ons for Firefox

 

Improve your #online safety with #advice from experts

source: https://securityplanner.org/#/all-recommendations/connect-with-specialists

#security #tracking #surfing #internet #surveillance #privacy #knowledge #browser #tools #instructions

Security Planner - Improve your online safety with tools for your needs.

Answer a few simple questions to get personalized recommendations of free and open-source software. It's confidential -- no personal information is stored, and we won't access any of your online accounts.
 

#WTF - #HP has installed a keylogger again :(

source: https://zwclose.github.io/HP-keylogger/
TL;DR: HP had a keylogger in the keyboard driver. The keylogger saved scan codes to a WPP trace. The logging was disabled by default but could be enabled by setting a registry value (UAC required).
#fail #security #notebook #surveillance #backdoor #NSA #news #warning #danger

HP keylogger

Get the list of affected hardware and patch here: https://support.hp.com/us-en/document/c05827409
 

Ethiopian Dissidents Targeted with New Commercial #Spyware

source: https://citizenlab.ca/2017/12/champing-cyberbit-ethiopian-dissidents-targeted-commercial-spyware/
Our analysis of the spyware indicates it is a product known as PC #Surveillance System (PSS), a commercial spyware product with a novel #exploit-free architecture. PSS is offered by #Cyberbit — an Israel-based cyber #security #company that is a wholly-owned subsidiary of #Elbit Systems — and marketed to #intelligence and law enforcement agencies.
#Israel #economy #politics #fail #moral #ethics #problem #news https://citizenlab.ca/2017/12/champing-cyberbit-ethiopian-dissidents-targeted-commercial-spyware/
 

The Ultimate #Online #Privacy #Guide

source: https://www.bestvpn.com/the-ultimate-privacy-guide/

#internet #security #knowledge #software #surveillance

The Ultimate Online Privacy Guide - BestVPN.com

In this Ultimate Guide to Privacy, we provide an in-depth look at all major areas that anyone wanting to improve their online security should consider.
 

Why is it, even after all these years, not allowed to check the uncensored #JFK files?

#CIA #Crime #USA #justice #politics #fail #censorship #security #secret #history #question
 


source: https://madspeitersen.deviantart.com/art/Art-meats-technology-169430851

#art #mobile #smartphone #communication #security #bigdata #privacy #technology

Art meats technology

Check out the iPhone Anatomy T-Shirt right here--> When art meets technology... Smartphones today are soo advanced and good they almost behave alive. And becomes an extension of your body No Pho...
 
#usa #export #military #backdoor #security #surveillance

It flies, and it snoops: Norway’s pricey F-35s caught sending ‘sensitive data’ to US

Norway surprised to discover its new fleet of F-35 fighter jets relay 'sensitive data' to US-manufacturer Lockheed Martin.
 

Sharing personal data, even with a party you trust, means it is out of your control and at risk of being hacked or sold.


#quote #privacy #internet #BigData #economy #security
 

#Google collects #Android users’ locations even when location services are disabled

source: https://qz.com/1131515/google-collects-android-users-locations-even-when-location-services-are-disabled/
The cell tower addresses have been included in information sent to the system Google uses to manage push notifications and messages on Android phones for the past 11 months, according to a Google spokesperson.
#security #privacy #news #fail

Quartz: Google collects Android users' locations even when location services are disabled (Keith Collins)

Android phones are tracking your location even if you actively turn off location services, haven't used any apps, and haven't even inserted a carrier SIM card.
 