With security there is no “done”.
There are just constant iterations of the questions:
- Is my system safe?
- Did I leave any doors (too wide) open?
- Am I allowing any unsafe programs/services?
- How can I protect users and data?
- Does my backup and restore (!!!) procedure work?
  - You should ALWAYS have one complete backup at a separate place not physically connected to your company’s network.
  - Also test: how long will it take to restore the backup?
    - The more data, the slower the USB port, the longer it will take to restore.
- What services are safe or not safe to use from within the Company-NET?
Humans make mistakes, and thus in Open Source just as in Closed Source concepts and software (and even hardware) there can and will be bugs and flaws that can be exploited to allow malicious access to systems and data, mostly in order to exploit it for money, bitcoin mining, DDoS attacks on other hosts, or sabotage (halt infrastructure, cause data loss for quite a significant amount of time; hospitals can also get virus infections… not funny!).
Example: Microsoft’s file sharing system “Server Message Block” (SMB), one version of which was also known as “Common Internet File System” (CIFS), had a (we hope not on purpose?) DESIGN-CONCEPT (!) flaw in version 1 of the protocol (SMBv1), which allowed the EternalBlue exploit to basically get into any Windows AND (!) LINUX system (samba) that was running it.
Let yourself be educated by security researchers on a regular basis, to estimate what is possible today and maybe in the future, and do your best to stay safe.
Update your knowledge! Update your software (but before: power down and back up, or maybe try the update on an identical non-production test system to see what it could fix but also break (yes, updates do those things)).
backup the backup! X-D
Events to attend:
IT security blogs / bloggers / mailing lists / newsletters / RSS feeds:
you can subscribe to RSS feeds via Thunderbird! 🙂
Golem rss feed security: https://rss.golem.de/rss.php?tp=sec&feed=RSS2.0
- Latest news from heise Security via RSS
- Current security warnings
Databases of IT vulnerabilities: CVE: Common Vulnerabilities and Exposures
by vendor: https://www.cvedetails.com/vendor.php
List of IPs of malicious hosts:
lets you check if the IP you are browsing with is related to any cyber security problems
Linux specific news and updates:
PenTesting Service providers:
so you think you did all you can do? have yourself tested!
what if your SmartPhone gets hacked and dials expensive numbers?
also checkout: “StealthCalls”
Congratulations to Google: they made Android the number 1, much to the horror of Microsoft, which tries to counter with increased lobbying. The problem of a market leader: how to stay secure when you have just become a major target that is attractive to attack. Android with Linux kernel… how long will you be safe?
HP FIRMWARE HACK VIA FAX! ? HP YOU MUST BE KIDDING US ALL! https://mirror-1.server.selfnet.de/CCC/congress/2018/h264-hd/35c3-9462-eng-What_The_Fax.mp4
not sure if this is real or scam: https://www.simpliv.com/search/sub-category/cybersecurity
“GREAT” – thanks to all involved!
Qualcomm but also Cisco are all US based manufacturers known to implement backdoors ON PURPOSE probably for gov agencies to spy and collect data on you – the citizen – that they are so afraid of.
“We are also having tough times with GPS: all the GPS chips found in the Android phones we support implement a secret and non-documented protocol that we just cannot figure out.” (src)
it is called: is it a bug or a feature?
deliberate security holes – now also in the Intel Management Engine
Google and FSB, CAN YOU FIX THIS HOLE? IT ANNOYS EUROPE! THANKS 🙂