Category: CyberSec / ITSec / Sicherheit / Security / SPAM

Howto install and setup File Sharing Server with GNU Linux
04.08.2017

ext3+gnu_linux+samba = fast and reliable fileserver. WARNING! Security problems Versions from Version 3.5.0 to 4.6.4 (recent in May 2017 ) are affected and need to be patched! patches are available from: https://www.samba.org/samba/patches/ Unfortunately EVEN Debian9 (!!!! GUYS FIX THAT FAST […]

CentOS7 replaced firewall iptables with firewalld
27.07.2017

no iptables no more – some things change faster than you can say „beneune„… check if it is up and running: systemctl list-unit-files|grep firewall firewalld.service enabled open a port, permanently: firewall-cmd –zone=public –add-port=80/tcp –permanent firewall-cmd –reload „The former firewall model […]

CentOS7 Security Profiles and Software Security Flaws TopList
25.07.2017

exploits in software toplist: 2017: https://www.cvedetails.com/top-50-products.php?year=2017 All time: https://www.cvedetails.com/top-50-products.php That is why the Unix Philosophy of small, modular and beautiful matters … maybe that’s why Mr Stallmann prefers Microkernels… but well let’s be happy there is an alternative kernel to […]

07.07.2017

Atomkraft ist nicht nur im laufenden Betrieb gefährlich. KEIN DEUTSCHES Atomkraftwerk HÄLT EINEN FLUGZEUGABSTURZ STAND! Allein daran kann man schon erkennen wie kurzsichtig und Macht-Geld-getrieben diese ganze Branche funktioniert – sammt ihren politischen Kollaborateuren. FBI in Sorge: Hacking-Kampagne gegen Atomkraftwerke […]

Linux Kernel – Security Updates
27.06.2017

latest kernel related security problems can be found here… -> https://tracker.debian.org/pkg/linux newsletter subsribe: https://tracker.debian.org/accounts/login/ also https://anonscm.debian.org/cgit/kernel/linux.git http://www.securityfocus.com/ http://www.securityfocus.com/cgi-bin/index.cgi?c=11&op=display_threads&ListID=1&limit=30&offset=0&date=2017-06-20&mode=threaded https://cve.mitre.org/index.html https://twitter.com/CVEnew/ https://wiki.debian.org/DebianKernel

akamai state of the internet quarterly report
23.06.2017

https://www.akamai.com/us/en/about/our-thinking/state-of-the-internet-report/ https://www.akamai.com/us/en/about/news/press/2017-press/akamai-releases-first-quarter-2017-state-of-the-internet-connectivity-report.jsp security Q1 2017: https://www.akamai.com/us/en/multimedia/documents/state-of-the-internet/q1-2017-state-of-the-internet-security-report.pdf connectivity: Q4 2016 https://www.akamai.com/us/en/multimedia/documents/state-of-the-internet/q4-2016-state-of-the-internet-connectivity-report.pdf https://www.akamai.com/us/en/about/our-thinking/state-of-the-internet-report/state-of-the-internet-connectivity-visualization.jsp

20.06.2017

AES is often used in conjunction with IPSec-VPNs. K.U. Leuven, Belgium; Microsoft Research Redmond, USA; ENS Paris and Chaire France Telecom, France Abstract. Since Rijndael was chosen as the Advanced Encryption Standard, improving upon 7-round attacks on the 128-bit key […]

09.06.2017

in general programs = processes = tasks = job less is more (security) run as little software as you absolutely need – uninstall/disable all services you don’t need. less software = less lines of mistaken code = less security flaws. […]

08.06.2017

client /etc/ssh/ssh_config is for client side config – here you can for example enable StrictHostKeyChecking yes /etc/ssh/ssh_known_hosts similar to ~/.ssh/known_hosts it contains the system-wide-accepted public keys of other hosts. So if you have „StrictHostKeyChecking yes“ enabled, you could manually accept […]

gpg cheat sheed – encrypting files with gpg
08.06.2017

Warning! while gpg is very likely sound and solid encryption – what is far more likely to be compromised is YOUR HARDWARE – every network card – wifi card – usb UMTS G3 modem – PCI-Card – contains enough RAM […]

cool stuff you can do with ssh
07.06.2017

i assume you have setup public-private-key-authentication and tested its workings. run local scripts remotely You can run local scripts remotely by executing bash on the remote system and feeding it your script ssh user@host ‚bash -s‘ < script.s sftp kick […]

02.06.2017

whenever you have a linux desktop (KDE, Gnome2-3) you use the x-server and a client (window-manager like lightdm) to connect to it. They communicate via network thus allowing to redirect the grafical output of remotely-run programs to the local display. […]

password protect encrypt files with vim and vi
02.06.2017

it’s amazing… try this: open up a text file Hit ESC (command mode) :X now vim / vi will ask you for a password if you know save and quit and reopen the file it detects that the file was […]

installing lilo boot loader on debian8 – just because you can
30.05.2017

uname -a; # tested with Linux debian 3.16.0-4-686-pae #1 SMP Debian 3.16.43-2 (2017-04-30) i686 GNU/Linux su; # become root apt-get update; apt-get install lilo; # install the thing liloconfig; # generate config file /sbin/lilo; # install lilo to mbr enjoy […]

25.05.2017

„Trump-Modus“: 1Password entfernt Passwörter temporär für GrenzkontrollenNutzer können in dem Passwort-Manager hinterlegte Zugangsdaten nun leicht von all ihren Geräten entfernen – und später wieder hinzufügen. Dies soll verhindern, dass Grenzbeamte bei Kontrollen Einblick in die Daten erlangen. › Artikel lesen     […]

16.05.2017

this article might be largely incomplete… kernel ringbuffer boot messages messages from the kernel during first stages of boot. # all distros dmesg; # show kernel ring buffer boot messages log # Centos7 only (debian8 has the file but it […]

13.05.2017

Ransomware hitting a new dimension – with the NSA-backdoors pre-installed in a lot of soft and hardware (check out Intel AMT/ME disaster) – hackers/attackers are trying to find and exploit those in order to make some profit. Millions of € […]

remote desktop linux – ssh encrypted tunnelling of grafical output of programs vnc
08.05.2017

checkout vnc section of: http://dwaves.de/2018/05/07/getting-started-with-raspberry-pi-2-model-b-v1-1-vs-odroid-xu4-vnc-display-0-and-1/ if you have ssh setup and running… (you might need to configure your router to let ssh through) you can neatly do filestransfer (SFTP) or even remote desktop interaction with your server. forwarding grafical output […]

06.05.2017

Da haben wir es – Bequemlichkeit vs Privatsphäre 😀 Es ist sehr schade/seltsam – dass es scheinbar neben dem ActiveSync / ExchangeProtokoll von Microsoft – dere Android / Linux implementation leider nicht 100%tig funktioniert – kein anderes Open-Protokoll gibt – […]

linux ssh – generate public private keys
05.05.2017

giving a passphrase seems like a good idea – because it will protect your key (if passphrase is sufficiently strong) if it get’s stolen. So even if somebody manages to hack into your client and steal your private ssh-key – […]