Category: CyberSec / ITSec / Sicherheit / Security / SPAM

LANCOM Erklärung zur Vertrauenswürdigkeit
31.01.2018

Erklärung der LANCOM Systems GmbH Produkte von LANCOM sind frei von versteckten Zugangsmöglichkeiten und sonstigen unerwünschten Funktionen zur Ein- und Ausleitung oder Manipulation von Daten LANCOM Systems weiß um die Bedeutung vertrauenswürdiger Infrastrukturen für die erfolgreiche Digitalisierung von Wirtschaft und […]

Docker
29.01.2018

who is who? concepts: docker is written in Google Go by Docker Inc, SanFrancisco because it does not emulate any hardware – it is a linux container / sandbox or jail like Free BSD Jail or Solaris Zones or OpenVZ so […]

gpg verify downloaded software – no public key
27.01.2018

if you download software, you should verify that what you downloaded is not a altered file of a hacked server distributing trojan horses and keyloggers (malware). it seems for the gpg verification it is a 3 step process. 1. download […]

Bugs in Hardware – intel microcode updates
12.01.2018

update 2018-03-15: from C’t: new micro codes for intel iCPUs (2011 and onwoards) seem to fix Spectre v2 (CVE-2017-5715) 60minutes: https://www.heise.de/security/meldung/Spectre-Luecke-Intels-Microcode-Updates-fuer-Linux-und-Windows-3994347.html As Einstein already knew energy = matter = energy. great comparison: bugs in hardware – only solution: change / […]

amd arm intel cpus all got problems – Meltdown and Spectre – JavaScript could steal your Firefoxs Passwords
04.01.2018

update 2018-03-15: from C’t: new micro codes for intel iCPUs (2011 and onwoards) seem to fix Spectre v2 (CVE-2017-5715) 60minutes: https://www.heise.de/security/meldung/Spectre-Luecke-Intels-Microcode-Updates-fuer-Linux-und-Windows-3994347.html update: good overview and explanation of the situation: ARM also affected. The Meltdown + Spectre Vulnerabilities update: please checkout […]

06.08.2017

ome observers might well believe that the kernel has accumulated plenty of special-purpose virtual filesystems. Even so, 2.6.14 will include yet another one: securityfs. This filesystem is meant to be used by security modules, some of which were otherwise creating […]

06.08.2017

the mail system is a very broken and corrupted system. sending-addresses can be forged – spam from all over the world is flooding the mailboxes – viruses get attached… nobody trusts attachments anymore. it’s a completely newly C++ developed mailserver […]

Howto install and setup File Sharing Server with GNU Linux
04.08.2017

ext3+gnu_linux+samba = fast and reliable fileserver. WARNING! Security problems Versions from Version 3.5.0 to 4.6.4 (recent in May 2017 ) are affected and need to be patched! patches are available from: https://www.samba.org/samba/patches/ Unfortunately EVEN Debian9 (!!!! GUYS FIX THAT FAST […]

CentOS7 replaced firewall iptables with firewalld
27.07.2017

no iptables no more – some things change faster than you can say „beneune„… check if it is up and running: systemctl list-unit-files|grep firewall firewalld.service enabled # if not start it systemctl start firewalld check what ports are used on […]

CentOS7 Security Profiles and Software Security Flaws TopList
25.07.2017

exploits in software toplist: 2017: https://www.cvedetails.com/top-50-products.php?year=2017 All time: https://www.cvedetails.com/top-50-products.php That is why the Unix Philosophy of small, modular and beautiful matters … maybe that’s why Mr Stallmann prefers Microkernels… but well let’s be happy there is an alternative kernel to […]

07.07.2017

Atomkraft ist nicht nur im laufenden Betrieb gefährlich. KEIN DEUTSCHES Atomkraftwerk HÄLT EINEN FLUGZEUGABSTURZ STAND! Allein daran kann man schon erkennen wie kurzsichtig und Macht-Geld-getrieben diese ganze Branche funktioniert – sammt ihren politischen Kollaborateuren. FBI in Sorge: Hacking-Kampagne gegen Atomkraftwerke […]

Linux Kernel – Security Updates
27.06.2017

latest kernel related security problems can be found here… -> https://tracker.debian.org/pkg/linux newsletter subsribe: https://tracker.debian.org/accounts/login/ also https://anonscm.debian.org/cgit/kernel/linux.git http://www.securityfocus.com/ http://www.securityfocus.com/cgi-bin/index.cgi?c=11&op=display_threads&ListID=1&limit=30&offset=0&date=2017-06-20&mode=threaded https://cve.mitre.org/index.html https://twitter.com/CVEnew/ https://wiki.debian.org/DebianKernel

akamai state of the internet quarterly report
23.06.2017

https://www.akamai.com/us/en/about/our-thinking/state-of-the-internet-report/ https://www.akamai.com/us/en/about/news/press/2017-press/akamai-releases-first-quarter-2017-state-of-the-internet-connectivity-report.jsp security Q1 2017: https://www.akamai.com/us/en/multimedia/documents/state-of-the-internet/q1-2017-state-of-the-internet-security-report.pdf connectivity: Q4 2016 https://www.akamai.com/us/en/multimedia/documents/state-of-the-internet/q4-2016-state-of-the-internet-connectivity-report.pdf https://www.akamai.com/us/en/about/our-thinking/state-of-the-internet-report/state-of-the-internet-connectivity-visualization.jsp

20.06.2017

AES is often used in conjunction with IPSec-VPNs. K.U. Leuven, Belgium; Microsoft Research Redmond, USA; ENS Paris and Chaire France Telecom, France Abstract. Since Rijndael was chosen as the Advanced Encryption Standard, improving upon 7-round attacks on the 128-bit key […]

09.06.2017

in general programs = processes = tasks = job less is more (security) run as little software as you absolutely need – uninstall/disable all services you don’t need. less software = less lines of mistaken code = less security flaws. […]

08.06.2017

client /etc/ssh/ssh_config is for client side config – here you can for example enable StrictHostKeyChecking yes /etc/ssh/ssh_known_hosts similar to ~/.ssh/known_hosts it contains the system-wide-accepted public keys of other hosts. So if you have „StrictHostKeyChecking yes“ enabled, you could manually accept […]

gpg cheat sheed – encrypting files with gpg
08.06.2017

Warning! while gpg is very likely sound and solid encryption – what is far more likely to be compromised is YOUR HARDWARE – every network card – wifi card – usb UMTS G3 modem – PCI-Card – contains enough RAM […]

cool stuff you can do with ssh
07.06.2017

i assume you have setup public-private-key-authentication and tested its workings. run local scripts remotely You can run local scripts remotely by executing bash on the remote system and feeding it your script ssh user@host ‚bash -s‘ < script.s sftp kick […]