Category: CyberSec / ITSec / Sicherheit / Security / SPAM

Open Web Application Security Project (OWASP) online community web application security
07.08.2021

the wiki: https://en.wikipedia.org/wiki/OWASP
the top 10: https://owasp.org/www-project-top-ten/2017/Top_10.html
the ebook: https://github.com/OWASP/owasp-mstg/releases/download/v1.2/OWASP_MSTG-1.2.pdf
the text: https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/01-Test_Network_Infrastructure_Configuration
the conferences: https://owasp.org/www-board/ https://www.blackhat.com/us-21/
the costs: https://training.owasp.org/ 2-part Training: $505 Member 2-part Training: $455 * For member discount code contact events ÄT owasp DOOOT com
https://www.udemy.com/course/intro-to-bug-bounty-by-nahamsec/ it’s […]

GNU Linux Debian – basic simple update.sh script – security-tracker.debian.org tracker status release stable – semi-manual system update method vs full automatic updates – apt can do https now: update /etc/apt/sources.list http -> https
26.07.2021

updates are a blessing (fixes to problems, keep system secure from hackerz) but also a curse (it might break things). on systems that follow the UNIX K.I.S.S principle, they should “just work”, to the extreme of (kernel) live patching (currently […]

What is Right – What is Wrong – with great power comes great responsibility (aka the “Peter-Parker-principle” (Spiderman 2002)) – Big Tech with better and better Tools and without better Ethics and Morals, unknowing what is Right or Wrong
17.07.2021

in short: humans by default, without an education, might just be “better” apes. Some parts of mankind behave very primitively and clearly show no signs of higher intelligence or education. The troubles start, when the tools become more and more […]

for the news junkies – how to read news in the 21st century (APPs & RSS FEEDS) – turns the user’s Android based device into an independent Open Source based news aggregator that respects the user’s privacy
16.06.2021

Yes! What RSS does NOT stand for: “Rashtriya Swayamsevak Sangh”, “Nathuram Godse, who assassinated Gandhi, on January 30, 1948, was a member of the Rashtriya Swayamsevak Sangh, or R.S.S., a violent right-wing organization that promotes Hindu supremacy.” (src: HolyCow!) […]

Tens of thousands of mail servers hacked due to Exchange vulnerability – cloud or theft (“Cloud oder Klaut”) – com-magazin.de Security Newsletter
12.03.2021

“Tens of thousands of mail servers hacked due to Exchange vulnerability. According to US media reports, tens of thousands of e-mail servers belonging to companies, government agencies and educational institutions have fallen victim to hacker attacks because of a security vulnerability that became known a few days ago. “In international comparison, German companies are particularly heavily affected by this […]

TeamViewer – the ultimate security problem?
11.02.2021

convenience vs security problem: remote support via internet in COVID19 pandemic days is basically a must for many companies, but does it have to run non-stop on computers that control sensitive machines and systems such as energy and water-supply? ABSOLUTELY […]

SonicWall hardware VPNs hit by worst-case 0-zero-day-exploit attacks
23.01.2021

according to BleepingComputer: “zero-day vulnerability in their VPN products” (so not FallOut of SolarWinds-orion-auto-update-software-supply-chain) “…have information about hacking of a well-known firewall vendor and other security products by this they are silent and do not release press releases for their […]

hello world WRITTEN/CRISPRED into bacteria DNA
14.01.2021

prove me wrong, but, sorry to say… would it not be possible that, by messing with bacteria DNA, scientists accidentally create new pathogens? new deadly diseases? so it’s one thing to write a program that does “hello world” and […]