updated:2020-08: it is not easier than ever to find the correct public key. (thanks god! why so complicated f-droid?) md5 signatures could be forged, sha512sums imho not yet, but checking those crc checksums is straight forward, all one needs is […]
for whatever reason, it is not enough to allow udp traffic on port 5900, one also needs to allow tcp traffic. /sbin/iptables -A INPUT -p tcp -m tcp --dport 5900 -j ACCEPT /sbin/iptables -A INPUT -p udp -m udp --dport […]
linux administrators should really run the almighty monitor script once in a while. while lnav is a great log viewer, it (right now) does not do a good job in catching all logs under /var/log/ and all errors. so one […]
Stay up to date on IT-Security: smartphones are like complete computers, plus even more functions. That means the IT security of smartphones really has to be handled exactly like that of all other computers, i.e. regular updates (automatic or semi-automatic, virus scanner, firewall… you […]
THE ECB BIRD WAS HACKED! “however, the internal system of the Bank has not been compromised” the site http://www.banks-integrated-reporting-dictionary.eu/ was taken offline. It is fascinating. The Europeans probably do not even know about “what is going on” and according to ex […]
Why is quantum computing important: optimization Update: Google claims to have reached quantum supremacy The tech giant unveiled its x-quantum computer chip Bristlecone in March 2018 (src: cnet) original nasa paper: https://drive.google.com/file/d/19lv8p1fB47z1pEZVlfDXhop082Lc-kdD/view book: https://deepai.org/machine-learning/researcher/eleanor-g-rieffel https://www.amazon.com/Quantum-Computing-Introduction-Engineering-Computation/dp/0262015064 Scott’s Supreme Quantum Supremacy FAQ! […]
screw Qualcomm, what one wants should work out of the box with recent Linux kernels on Open Source drivers only: https://dwaves.de/2019/07/03/recommended-tested-hardware-superb-wifi-wlan-adapter-chipset-atheros-ar9285-mini-pcie-for-gnu-linux-debian-10-ubuntu-and-trisquel-8-0-test-run-on-lenovo-t440-and-librebooted-lenovo-x60s/ as far as i understand this… if you are concerned about the security of your phone… (banking apps… […]
“Linux desktop remains an unpopular choice among mainstream desktop users, making up a little more than 2% of the desktop operating system market share. This is in contrast to the web server market share, which consists of 70% of Linux-based operating systems. […]
Capitalism inspires short-sighted incentives. But trust and honesty are key in long term relationships. So for a short period of time – some dishonest people might enjoy the benefits – but in the end – it comes home […]
don’t be evil “Google controls about 62% of mobile browsers, 69% of desktop browsers, and the operating systems on 71% of mobile devices in the world. 92% of internet searches go through Google and 73% of American adults use YouTube. […]
it might sound strange… and even if it sucks, but if you are concerned about security, call me paranoid but: your company’s critical infrastructure SHALL NOT BE REACHABLE BY WIFI! (especially not if you are running a nuclear power plant, […]
servers/clients/computers/programs/services/webservers need accurate time… they usually get it from time servers that have an atomic clock attached to their USB port. (just guessing) ping time.google.com PING time.google.com (216.239.35.4) 56(84) bytes of data. 64 bytes from time2.google.com (216.239.35.4): icmp_seq=1 ttl=46 time=43.5 […]
Pwn2Own 2020: opening a pdf can be enough to compromise system! https://youtu.be/u1udr7j9MQA?t=359 thank you ccc you are doing lovely work – make this planet more interesting by creativity and more informed about security 🙂 keep it up 🙂 https://cdn.media.ccc.de/events/gpn/gpn19/h264-hd/gpn19-45-eng-BADPDF_-_Stealing_Windows_Credentials_via_PDF_Files_hd.mp4 […]
Update: 2020.03 “The newly developed Rowhammer attack TRRespass can crack the RAM-a security mechanism by many DDR4-DRAM-modules as well as LPDDR4 Chips. Until now, these were considered to be almost immune to Rowhammer attacks.” https://www.com-magazin.de/news/sicherheit/software-hammer-ram-schutz-attackiert-2515621.html Update: 2019.10 Zombieload is back. […]
scroll down for ENGLISH: ) OMG! Because Baltimore's IT caught a ransomware virus, citizens cannot pay their taxes and their speed-camera tickets! Wonderful! 🙂 How much effort one has to expect if one, from digitalization, […]
the best about samba: thanks for samba, it provides users with a fast (of course depends also on harddisk speed) rock-solid no-limit-to-maximum-users file-server for maximum file-transfer-and-sharing-and-storage productivity (and they will USE that T: temp drive for EVERYTHING! prepare for TERABYTES […]
google’s security lab “project zero” has made a name for itself. (you can subscribe to their rss feed with thunderbird.) Posted by Ben Hawkes, Project Zero (team lead) (2019-05-15) Project Zero’s team mission is to “make zero-day hard”, i.e. to make […]
It is one of the most critical of digital infrastructures – update servers – thus vendors need to be EXTREEEEMELY careful how they run their update servers. they could get hacked and their downloads and updates get virus and backdoor […]
WARNING! It could also be US hackers that try to frame the Chinese. another reason, PayPal is clearly politically biased: 2010: PayPal Freezes WikiLeaks Account | WIRED https://www.wired.com/2010/12/paypal-wikileaks/ PayPal’s move comes amid mounting U.S. pressure against WikiLeaks over its cache […]
https://youtu.be/Z9z66ksWtlg one week downtime – they got backups and are not planning on paying the ransom. “Norwegian oil and gas and metallurgical Corporation Norsk Hydro was hit by the encoder LockerGoga — to stop the spread of malware, IT-specialists had […]
this is probably the most evil way of social engineering: fear makes a lot of money – but it can even kill already traumatized people. It works like this: criminals create fake profiles on dating sites / facebook / twitter […]
Update: 2020-03 it is very very confusing. on the one side the whole world is moving towards https SecurityLab, [25.03.20 15:55] “Mozilla implements an additional HTTPS Only mode in Firefox 76, in which the browser will only accept encrypted connections, […]
“The cost to companies from malware and “malicious insider”-related cyberattacks jumped +12 percent in 2018 and accounted for one-third of all cyberattack costs, according to new research published today by Accenture and the Ponemon Institute.” src: helpnetsecurity.com logical consequence: stop […]
… this is why no usb stick and no cable can be trusted… Thunderbolt / PCI-Express is having similar issues “Abstract—Direct Memory Access (DMA) attacks have been known for many years: DMA-enabled I/O peripherals have complete access to the state of […]
Unknown stole $7.7 million in cryptocurrency EOS 28 February, 2019 News Support 0 comments The attacker managed to steal $7.7 million in cryptocurrency EOS due to the negligence of one of the managers a black list. Hacking became known on […]
firewall & penguin: iptables where do thou go? it is said that when using “ip-sets” iptables and nftables achieve almost the same performance (amounts of ips possible to block, without server becoming slow/unresponsive) Redhat and nftables on DDoS “so the only […]
lately this blog gets bombarded with queries like these: which decoded are Korean SPAM? which translates as: iptables / firewalld seem not to work and have to really really figure out why. until then this is a little workaround, it […]
really don’t understand how a SoC with 3GB of RAM (!) and an 8x Core ARM can be put to the bin (as Debian GNU Linux runs on devices with as little as 1GB RAM and 2x Cores) because there […]
Updated: 2020-02 and again 2021-08 a simple: apt update apt install ffmpeg BRINGS BACK ALL THE FFMPEG GLORY! THANK YOU DEBIAN! 🙂 (and all involved) so my script works again! 🙂 (can convert almost ANY format (aac, m4a you name […]
Outlook hacked by receiving an email – fax machine – hacked by receiving a fax – Android SmartPhones hacked by viewing a picture.png (it’s a bug in the Framework/SDK) – “great” what's next? Will SmartPhones and “THE INTERNET” be doomed “unsafe” […]