friendica.prankgo.de


Items tagged with: Security

European Union: Counter-terrorism coordinator calls for security vulnerabilities in 5G #5G #Datensicherheit #Mobilfunk #Sicherheitslücke #Telekommunikation #Security
 
Security vulnerability: Linksys routers apparently leak all connected devices #Router-Lücke #Datenleck #Datensicherheit #Netzwerk #Router #Sicherheitslücke #Linksys #PC-Hardware #Security
 
How to find hidden cameras in your Airbnb apartment
https://mobil.derstandard.at/2000103417876/So-finden-Sie-versteckte-Kameras-in-ihrem-Airbnb

🤣
And the #FPÖ got itself exposed by exactly the measures proposed by #Kickl.

#privacy #Strachevideo #security #surveillance
 

Good heavens, is it time to patch Cisco kit again? Prime Infrastructure root privileges hole plugged... Better be careful or the US Administration will ban them next as a security risk

Among a bumper crop of 57 security issues Cisco divulged on Wednesday was a fix for a trio of vulns, one critical, in networks management tool Prime Infrastructure. The latter potentially allows unauthenticated miscreants to execute arbitrary code with root privileges on PI devices.

The updates come just two days after the firm copped to a secure boot flaw in its routers that has been dubbed (pronounced Thrangrycat) by those who discovered it.

It has also been just a few months since a pile of patches addressed roughly similar problems, including a slack handful of remotely rootable vulns in Hyperflex. Over the years El Reg has written time and again about severe and critical problems with PI, including a SQL injection nasty and a method of obtaining root privs through a malformed HTTP POST request, among many others.

In the past, we do know that similar vulnerabilities that were discovered (by another large US company) used to delay their public announcements so that their own government could exploit them on foreign soil. Hopefully, that practice has died out as I'm sure any US multinational company today would not play that game and risk being banned... It's just that Cisco has had so many vulnerabilities discovered sometimes for many consecutive months in a row. If I was a smaller company/government I'd feel a bit worried about what I don't know.

See https://www.theregister.co.uk/2019/05/17/cisco_prime_infrastructure_critical_vuln/

#cisco #security

 
Tracking: Google records purchases via Gmail #Google #Cookies #Datenschutz #Datensicherheit #E-Mail #Gmail #Onlineshop #Tracking #Internet #Security
 
Developer community: Stack Overflow reports server breach #Security #Datensicherheit #Passwort #Server #Internet #Softwareentwicklung
 
Botnet & malware: Avalanche mastermind on trial #Cybercrime #Botnet #Datensicherheit #Malware #Ransomware #Trojaner #Internet #Security
 
VPN technology: Wireguard runs in OpenBSD #OpenBSD #Datensicherheit #VPN #Server #Applikationen #OpenSource #Security
 
Best of the Web: Trust seal distributes keylogger
https://www.golem.de/news/best-of-the-web-trust-siegel-verteilt-keylogger-1905-141275.html

Still browsing the Internet without #NoScript? Bad idea. 😏
#security
 
New York Times: No Russian trolls among Berlin antifa groups #Europawahl2019 #Datensicherheit #FBI #Hacker #Spionage #Webhosting #Server #Internet #PolitikRecht #Security
 
Project Zero: Google discloses list of exploited zero-day vulnerabilities #ProjectZero #Datensicherheit #Sicherheitslücke #Google #Internet #Security
 
#unitoodailynews, #email, #security, #protonmail ProtonMail Android v1.11 release notes - ProtonMail Blog
 
Law amended: All GDPR violations protected from abusive cease-and-desist warnings #Abmahnung #Bundesregierung #Cookies #DSGVO #Datenschutz #Datensicherheit #EU #Internet #PolitikRecht #Security
 
Security vulnerabilities in Titan: Google replaces its own FIDO key #2-FA #Bluetooth #Datensicherheit #Sicherheitslücke #Titan #Google #Internet #Security
 
Bug bounty hunter: Becoming a millionaire with "Hacker 101" tutorials #Hacker #Anti-Virus #BlackHat #Datensicherheit #Internet #Security
 
Microsoft: Paint stays and gets keyboard control #Microsoft #Datensicherheit #Editor #Windows10 #Applikationen #Security
 
Best of the Web: Trust seal distributes keylogger #Keylogger #Datensicherheit #Malware #Sicherheitslücke #Server #Internet #Security
 
#unitoodailynews, #email, #security, #protonmail Introducing GopenPGP, an open source encryption library for native applications - ProtonMail Blog
 
Privacy: San Francisco city council bans facial recognition #Amazon #Cookies #Datenschutz #Datensicherheit #Gesichtserkennung #Software #Internet #PolitikRecht #Security
 

Nitrokey and Nextcloud collaborate on securing private clouds

Nitrokey develops fully open and auditable security USB keys for two-factor authentication, cryptographic key storage and much more. Their devices are developed and produced in Germany, primarily in Berlin. No overseas manufacturing is used to ensure quality and avoid hardware security breaches. The installed firmware can even be exported and verified, preventing attackers from inserting backdoors into products during shipping. Nitrokey has many other unique features, like hidden encrypted storage for plausible deniability at border checks. Learn about their offering on their website.

Self-hosting a Nextcloud gives users 100% control over their data, protecting their privacy. But privacy doesn’t exist without security and Nextcloud offers many security features like two-factor authentication (2FA), brute force protection, server and client side encryption and much more. Nitrokey’s security and encryption devices are a perfect match.

[Image: Nitrokey in action.]
[Image: Nitrokey used for second factor in Nextcloud.]

Second-Factor Keys


The Nitrokey Pro 2 and Nitrokey Storage 2 devices have been verified to work correctly with Nextcloud’s one-time passwords for secure two-factor authentication (2FA). This protects users’ accounts in the event of compromised passwords. Furthermore, the USB keys feature a password manager and a cryptographic key store for email encryption and SSH administration. In addition, the Nitrokey Storage 2 contains an encrypted mass storage drive with the option of hidden volumes.

[Image: Setup in Nextcloud.]
[Image: Nitrokey configuration.]

Password-Less Login Experience


FIDO2 authentication makes it possible to replace insecure and complicated password logins with secure and fast login experiences across websites and apps. FIDO2 uses the W3C’s Web Authentication specification (WebAuthn) and FIDO’s Client-to-Authenticator Protocol (CTAP2), which together let users use a device to easily authenticate to online services — in both mobile and desktop environments.

In simpler terms, to log in to your Nextcloud (or another webservice) you just insert your Nitrokey and click a button or two to approve the login.

Nitrokey and Nextcloud are both starting to work on FIDO2 support and have agreed to collaborate on this, making sure Nitrokeys can be used to seamlessly log in to Nextcloud systems. More news is likely to come during the Nextcloud Conference in Berlin later this year.

Enterprise key management


Nitrokey and Nextcloud will explore further collaboration, seeking ways to provide enterprises and private users with even better, more advanced security measures in the future. One of these areas is Nextcloud installations in enterprises providing end-to-end encryption and demanding a secure way to store cryptographic keys. This is where Nitrokey HSM can provide a central key store to securely store keys and at the same time give the organization protected access to their keys. Here Nitrokey HSM’s m-of-n access scheme makes it possible to define a group of authorized administrators and to protect the keys against a single malicious administrator. Also, encrypted key backups are essential in order to fulfill compliance and availability requirements.
#blog, #news, #partner, #security
 
Security vulnerabilities: Adobe patches PDF tools and the Flash Player #Adobe #Datensicherheit #Flash #Patchday #Sicherheitslücke #Acrobat #Applikationen #Security
 
"In our demo, we show how an attacker can monitor the websites the victim is visiting despite using the #privacy-protecting #Tor browser in a #virtualmachine."
https://zombieloadattack.com
#ZombieLoad #intel #security
 
Hash function: The next nail in the coffin of SHA-1 #SHA-1 #Datensicherheit #Git #Applikationen #Security
 
Administration: Microsoft recommends a separately secured device #Microsoft #Datensicherheit #Passwort #Windows #Security
 
 
RT @sehnaoui@twitter.com

This is why you need an RFID shielded wallet. Be careful !!
#InfoSec #Security
 
License plate scans: Bavaria's police stored and analyzed license plates #Datenschutz #Cookies #Datensicherheit #Polizei #PredictivePolicing #Überwachung #Internet #PolitikRecht #Security
 
Amazon Echo Dots Kids Edition: Privacy advocates criticize children's version of Alexa #AmazonAlexa #Amazon #Cookies #Datenschutz #Datensicherheit #DigitalerAssistent #Echo #SmarterLautsprecher #Security
 

How Chinese Spies Got the N.S.A.’s Hacking Tools, and Used Them for Attacks - We know all nations spy and cyber is no different from conventional war as far as reinventing ideas goes

Chinese intelligence agents (not corporate Huawei) acquired National Security Agency hacking tools and repurposed them in 2016 to attack American allies and private companies in Europe and Asia, a leading cybersecurity firm has discovered. The episode is the latest evidence that the United States has lost control of key parts of its cybersecurity arsenal.

Based on the timing of the attacks and clues in the computer code, researchers with the firm Symantec believe the Chinese did not steal the code but captured it from an N.S.A. attack on their own computers — like a gunslinger who grabs an enemy’s rifle and starts blasting away.

The Chinese action shows how proliferating cyberconflict is creating a digital wild West with few rules or certainties, and how difficult it is for the United States to keep track of the malware it uses to break into foreign networks and attack adversaries’ infrastructure.

The losses have touched off a debate within the intelligence community over whether the United States should continue to develop some of the world’s most high-tech, stealthy cyberweapons if it is unable to keep them under lock and key.

My opinion is that no-one should think backdoors or encryption busting tools are going to stay undetected or unused by one's enemies or allies alike. If you design some weakness into a system it's going to get found out. We have to all accept that the Chinese, USA, Russia, North Koreans, Germans, etc are all spying on each other as well as their allies. There is no safe glass house from which to throw your stones at another nation, especially when it comes to spying. What is unique about cyber warfare and spying is that the playing fields are often levelled in that a small innovative nation can successfully tackle a superpower.

So that said, and knowing the US has been caught spying on their German allies, we are also not sure that the Chinese themselves actually perpetrated the spying. Many nation states employ their own third parties and spying is often about deception, and these cases don't end up in open courts... so who really knows who was caught spying on who.

See https://www.nytimes.com/2019/05/06/us/politics/china-hacking-cyber.html

#spying #cyberwarfare #security

 
Report of latest launch comes days after Pyongyang fires rocket artillery and apparent short-range ballistic missile. #AsiaPacific #NorthKorea #SouthKorea #Security
 
Samsung: Researcher was able to access development environment #Samsung #Datenschutz #Datensicherheit #Gitlab #IoT #Sicherheitslücke #SmartHome #Techcrunch #Internet #Security
 
VPN: First test version of Wireguard for Windows available #VPN #Datensicherheit #Filesharing #Verschlüsselung #Windows #Server #OpenSource #Security
 
Abus surveillance cameras: Replacement program instead of update #Videoüberwachung #CCC #Datensicherheit #Sicherheitslücke #Security
 
Secret and anonymous: CIA website on the Tor network #CIA #Datensicherheit #Geheimdienste #Spionage #Tor-Netzwerk #Server #Internet #Security
 
Security update: Google fixes Android vulnerability that was discovered on the Switch #Android #Datensicherheit #Sicherheitslücke #Security
 
Google: Data collector promises data control #GoogleIO2019 #Cookies #Datenschutz #Datensicherheit #Gestensteuerung #GoogleIO #Kotlin #Google #Internet #Security
 

Stolen NSA hacking tools were used in the wild 14 months before Shadow Brokers leak - Your Backdoors and Exploits are going to get out, just a matter of when

One of the most significant events in computer security happened in April 2017, when a still-unidentified group calling itself the Shadow Brokers published a trove of the National Security Agency’s most coveted hacking tools. The leak and the subsequent repurposing of the exploits in the WannaCry and NotPetya worms that shut down computers worldwide made the theft arguably one of the NSA’s biggest operational mistakes ever.

On Monday, security firm Symantec reported that two of those advanced hacking tools were used against a host of targets starting in March 2016, fourteen months prior to the Shadow Brokers leak. An advanced persistent threat hacking group that Symantec has been tracking since 2010 somehow got access to a variant of the NSA-developed "DoublePulsar" backdoor and one of the Windows exploits the NSA used to remotely install it on targeted computers.

It's why many security researchers say if you want true security do not create exploits or bury backdoors in code. Engineers used to like embedding these in case they either needed to get into an inoperable system or as insurance if they were unfairly fired. The point is it weakens security, it always seems to get found out even if it is two years later (and many do not update their systems), and it even gets used against your own population. You either aim for totally as secure as you can make it, or you have a compromise. Totally secure means encrypted and no auto password resets. If you create weaponised code you need to plan for it being found and used against you or unintended targets.

See more about the NSA's lost tools at https://arstechnica.com/information-technology/2019/05/stolen-nsa-hacking-tools-were-used-in-the-wild-14-months-before-shadow-brokers-leak/

#NSA #security #hacking

 
Privacy: Google Maps gets incognito mode #GoogleIO2019 #Cookies #Datenschutz #Datensicherheit #GoogleIO #GoogleMaps #Google #Applikationen #Security
 
GPG/OpenPGP: BSI certifies GPG for official use #BSI #Datensicherheit #E-Mail #GPG #PGP #Applikationen #Security
 
#unitoodailynews, #email, #security, #protonmail ProtonMail is dropping support for Internet Explorer 11 - ProtonMail Blog
 
In addition to fingerprinting, ad networks are collecting psychological data of the users. This data is primarily based on mouse movement and scroll (we can't block clicks, reasonably). Our browser blocks only those JS functions.
sourceforge.net/projects/jondo…
#anonymity #security
 

Open source security: The risk issue is unpatched software, not open source use

Many of the trends in open source use that have presented risk management challenges to organizations in previous years persist today. However, new data also suggest that an inflection point has been reached, with many organizations improving their ability to manage open source risk, possibly due to heightened awareness and the maturation of commercial software composition analysis solutions.

The 2019 Open Source Security and Risk Analysis (OSSRA) report, produced by the Synopsys Cybersecurity Research Center (CyRC), examines the results of more than 1,200 audits of commercial applications and libraries, performed by the Black Duck Audit Services team. The report highlights trends and patterns in open source use, as well as the prevalence of both insecure open source components and license conflicts.

Many organizations are failing to patch or update their open source components. The average age of vulnerabilities identified in 2018 Black Duck Audits was 6.6 years, slightly higher than 2017 — suggesting remediation efforts haven’t improved significantly. Forty-three percent of the codebases scanned in 2018 contained vulnerabilities over 10 years old. When viewed against the backdrop of the National Vulnerability Database adding over 16,500 new vulnerabilities in 2018, it’s clear patch processes need to scale to accommodate increased disclosures.

The report notes that the use of open source software is not a problem in and of itself, and is, in fact, essential to software innovation. But failing to proactively identify and manage any security and license risks associated with the usage of open source components can be very damaging.

See https://www.helpnetsecurity.com/2019/05/02/open-source-security-risks/

#opensource #FOSS #security

 
#unitoodailynews, #email, #security, #protonmail Using ProtonMail for Journalism - ProtonMail Blog

ProtonMail Blog: Using ProtonMail for Journalism - ProtonMail Blog (Ben Wolford)

 
"Active content in the e-mail client must be disabled. This includes the execution of HTML code and the loading of external content, which are often permitted for design reasons."
https://www.heise.de/security/meldung/S-MIME-und-PGP-E-Mail-Signaturpruefung-laesst-sich-austricksen-4411230.html?wt_mc=rss.ho.beitrag.atom
#email #security
 
A2 Hosting: Web host affected by ransomware for nine days #Ransomware #Anti-Virus #Datensicherheit #Malware #Server-Applikationen #Virus #Webhosting #Windows #Server #Security
 
Librem One: Purism launches offering for secure online services #Purism #Crowdfunding #Datensicherheit #Sicherheitslücke #XMPP #librem5 #Internet #OpenSource #Security
 
#unitoodailynews, #email, #security, #protonmail Don’t be a phishing statistic: How to protect your business - ProtonMail Blog
 
Security vulnerability: Driver installation on Dell laptops open to attack #Dell #Datensicherheit #HTTP #Malware #Sicherheitslücke #Treiber #Applikationen #Security #Mobil
 
Privacy: Google enables automatic deletion of location data #Google #Datenschutz #Datensicherheit #Internet #Security
 