Items tagged with: security


 
I am adding this to block:

googleusercontent.com

Example given here.

Watch these types of links

"Cyber Doc - 28 minutes ago
The Mighty James River

In an effort to be respectful to the creators/maintainers of this pod, I am trying my best to use links for my photos as opposed to directly uploading them. This was taken along the James River in Richmond, VA recently. It’s one of my many hideouts for relieving stress and getting away from humans. Happy Thursday everyone. :-)

://lh3.googleusercontent.com/V0HbnyUdYn0pjFhnhafv3Mtj8Mw-8wbQcWfhdOsYZsWuwPSEMQsCB4t4n0RyHxvg8aPi6db2Zb8yzG5LewM955xZu_GTv6u1yU8KZZPAslgkzR4UhpvwrKKtgYqHsqBbteB6byPs1XRuX1NP1oQCyt8Q9gN3jmJOQ3-T8J5T4j70A2JhUkWr7skIfFkniXLkW7Q5bDVA-5GQgHq8DxSASa04M1KAduXNTUhMmgIIX7hS9XIpKBCxDw1JKRzw_ySndkZ-s8FRzGGwPcNee_sGKEsRqnyBjD7NNVAgl994yNlnInm8gBJkh2nRv7kBO7qG8Mut21fvZuFBPejB_r-QudJD9uz8KcBOJm1OZEBLkntzJb6MoxttNw_oEHP5TNbx-442koNHXMQnIXjG3UfHS4-bnTn6RojIed5EN-uwl5eHZs4OVO3Mzz2tmlq1n1uTJHuViP8gsIzDjvf6CkbzNOu06pk_IWlU_-KhvWX9K-i3F-xHj2JHZBJeP-W_btoG7VQCfXCeH4dn6nx8moqeKJb9hvlk1k91bQ1CGAJ_xLnw_sr-X9WX-88E_I9Lt0oHFW4sVRQA_PilWmIdBcp0P2rlUh2qz5XpWToJKT67g6UmV1ZdpsakuKs8uiENfKwE=w1280-h852-no

#photography #newhere #GPlus #GPlusRefugee #RVA #Virginia #landscape"

While this user may be nobly trying to save disk space on #pluspora; what in effect is being done is to allow Google to track each and every user clicking on the link.


I'm not saying that EVERY #pluser is involved in this:

Image/photo

But certainly some are.

#security #bigbrother #darpa #darpa==google #privacy

 

Security





#comic #humor #iot #security #seguridad #tira

The post Security was first published on Linux Hispano.

 
- #Spyware on #phone #fears as #Dutton #pushes new #security #laws


A push to compel Australia's telecommunications companies to install spyware on customers' phones under broad new security plans could be "severely damaging" to the country's cybersecurity, the industry has warned.
https://www.brisbanetimes.com.au/business/companies/spyware-on-phone-fears-as-dutton-pushes-new-security-laws-20180924-p505oc.html

 

MNT Reform DIY Laptop




A free and open source modular computing platform

Goals: Security, Transparency, Hackability — All power to the user!

Thoroughly understand it on the electrical, mechanical and software levels

Take it apart, modify and upgrade it without regret

Repair it yourself with simple 3D printed parts and the hardware store

Reclaim your #privacy and #security: No microphone, camera or management engine

Specs

  • NXP i.MX6QP: 4x ARM Cortex A9 Cores at 1.2 GHz
  • NDA-Free Reference Manual
  • Vivante GC3000 GPU
  • Fully open source drivers in the Linux kernel (etnaviv) and OpenGL (mesa)
  • 4GB DDR3 RAM
  • Reprogrammable slim mechanical keyboard (Cherry ML keys)
  • Reprogrammable optical trackball
  • 5x USB2.0 (2 external, 3 internal)
  • HDMI connector
  • LVDS connector (driving 1366x768 IPS 11" panel, included)
  • Full-length MiniPCIe slot
  • Full-length mSATA slot for SSD (disk not included)
  • Full-length WWAN slot (USB2.0) and SIM-card slot
  • Gigabit Ethernet connector
  • Bootable Micro SD-Card slot
  • SPI, I2C, GPIO connectors (internal)
  • SGTL5000 soundchip with headphone connector, internal line connectors
  • LiFePo4 charger (for single 10Ah cell, included)
  • Size: 29cm x 20.3cm x 4.5cm; Weight TBA
#freesoftware #diy #hardware #libre #arm

 

Hey everyone, I’m #newhere. I’m interested in #archlinux, #infosec, #it, #linux, #security, and #sysadmin.

Let's see how far this goes ;)

 

Guys while we are here, let's educate the masses, show everyone what is a good password.


Post an example in comment

#security #linux #password #anonymous

 

diasp.eu has been hacked, I hope that you didn't give your credit card details..


The passwords have been posted here :

https://pastebin.com/n9phcmx4

It was bound to happen, there is no password security in the software.. admins are not even monitoring or securing their pods, never mind removing illegal stuff, so they had it coming.

#security #news #diaspora #passwords #pods #podmin #podmin #scandal #diasporagate

 

New Tor Browser 8.0 No Longer Reports Every User Using Same OS

Now we no longer look the same.


Until this latest version, the Tor Browser sent headers to every site (in the GET request) that were identical for every Tor Browser user. That helped make every Tor Browser user look exactly like every other Tor Browser user. This is broken in version 8.0. Now, our OS is correctly reported.

Prove it to yourself. Load this page. https://pgl.yoyo.org/http/browser-headers.php These are the headers sent with your GET request for that page.

Here's what mine look like.

Host: pgl.yoyo.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1

Used to be, every Tor Browser's headers were identical, but I'll bet yours now look different from mine. The part of the useragent in parentheses very probably is different from mine.

Now look in about:config for general.useragent.override. See the value there? Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 Firefox/60.0. When I put this value into Pale Moon, this is the useragent that is sent to sites. Not so in the new Tor Browser. This, IMNAAHO, is a serious bug.

Others have noticed this too, and they're complaining to Tor. Look in the comments here. https://blog.torproject.org/new-release-tor-browser-80

#tor #tor-browser #torbrowser #privacy #surveillance #agent #user-agent #useragent #security #linux #macos #fingerprinting

 

- #Airport #Security #Bins Have More #Cold #Germs than #Toilets, #Study #Finds


Airport security bins could be hotspots for emerging pandemics, according to a new study from an international team of researchers.
https://interestingengineering.com/airport-security-bins-have-more-cold-germs-than-toilets-study-finds

 



 

Sensitive Data Exposure via WiFi Broadcasts in Android OS [CVE-2018-9489]

System broadcasts by Android OS expose information about the user’s device to all applications running on the device. This includes the WiFi network name, BSSID, local IP addresses, DNS server information and the MAC address. Some of this information (MAC address) is no longer available via APIs on Android 6 and higher, and extra permissions are normally required to access the rest of this information. However, by listening to these broadcasts, any application on the device can capture this information thus bypassing any permission checks and existing mitigations.
https://wwws.nightwatchcybersecurity.com/2018/08/29/sensitive-data-exposure-via-wifi-broadcasts-in-android-os-cve-2018-9489/

#android #vulnerability #security #privacy

 

The pain of HSTS and the ever expanding list of TLD's...


HTTP Strict Transport Security is a very nice feature. By returning a response with this header set from a properly configured HTTPS site, you instruct the browsers not to try to contact your server over unsecured channels again. At least until the validity of the header times out. Even better, by submitting your domain to Google, they'll put it on a list that is embedded by all the major browsers, so that the browser will insist on using a secured channel even the first time it connects to your server. Great stuff, you should use it!

Now I maintain the code for a few web sites, and as a precaution against my own fuck-ups, I have set up a virtual mirror of my hosting environments as a staging area. That is where I deploy my code once I think I have done something useful to it, and if it works there, I go on and deploy it to the actual production servers. Again, VirtualBox makes this easy and straightforward to do.

The final piece of the puzzle is of course to hack the hosts file on my system so that Server Name Indication (SNI) works as it should on my virtual staging boxes. Since I don't want to block access to the production servers I have created my own internal TLD (.dev as it happens,) and use names under that TLD to reach my staging setups. This has worked flawlessly for a long time.

Just this weekend I had to pick up an old project for some fairly simple fixes. The code changes didn't take much time, deploying to the staging server is always more painful, but not more than usual. It's when I point my web browser to the staging site to see that everything works the pain begins... Firefox helpfully informs me that the site is using HSTS, so a self signed cert will not do, thank you! Qutebrowser just hangs around and does nothing... Curl is happy giving me the site, as long as I tell it to not be too picky about the cert. So I know the server is working, and as expected the returned headers don't mention anything at all about HTTP Strict Transport Security. No matter how sternly I frown, nothing can convince Firefox or Qutebrowser to show me my site.

Checking https://hstspreload.org to see if some nuthead has submitted my internal site to the HSTS preload list, and sure enough - there it is! That's when I discovered Google has registered the .dev top level domain, and I'll have to find myself another one for my internal tests. That means reconfiguring my staging VMs, regenerating certs and changing my hosts files as well. Hopefully I can find something that will never be an official TLD, so nobody will submit any name that matches mine to the HSTS preload list.

Grumpf!

#hsts #tld #webdev #tls #security #programming
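An added illustration of the situation in the post above (not the poster's code): a preload entry for a whole TLD with `include_subdomains` set covers every name beneath it, which is how an internal `.dev` name ends up forced to HTTPS. The two-entry list is constructed and only modelled on the entry format of Chromium's preload file; the function names are hypothetical, and the reserved names are those of RFC 2606 / RFC 6761.

```python
import json

# Names reserved by RFC 2606 / RFC 6761; they are not delegated as public TLDs,
# so nobody can submit them to a preload list.
RESERVED_TLDS = {"test", "example", "invalid", "localhost"}

# Constructed sample, modelled on the entry format of Chromium's
# transport_security_state_static.json. This is NOT the real list.
SAMPLE_PRELOAD_JSON = """
{"entries": [
  {"name": "dev", "policy": "public-suffix",
   "mode": "force-https", "include_subdomains": true},
  {"name": "shop.example.org",
   "mode": "force-https", "include_subdomains": false}
]}
"""


def load_preload(text):
    """Map each force-https entry name to its include_subdomains flag."""
    entries = json.loads(text)["entries"]
    return {
        e["name"].lower(): bool(e.get("include_subdomains", False))
        for e in entries
        if e.get("mode") == "force-https"
    }


def preload_match(host, preload):
    """Return the entry that forces HTTPS for host, or None.

    An exact match always applies; a parent-domain match applies only
    when that entry sets include_subdomains.
    """
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in preload and (i == 0 or preload[candidate]):
            return candidate
    return None


def audit_staging_name(host, preload):
    """Report whether an internal hostname is safe from preloaded HSTS."""
    tld = host.lower().rstrip(".").rsplit(".", 1)[-1]
    return {
        "host": host,
        "forced_https_by": preload_match(host, preload),
        "reserved_tld": tld in RESERVED_TLDS,
    }


if __name__ == "__main__":
    preload = load_preload(SAMPLE_PRELOAD_JSON)
    # Hypothetical staging names: one under .dev, one under reserved .test,
    # one below an entry that does not include subdomains.
    for name in ("myproject.dev", "myproject.test", "img.shop.example.org"):
        print(audit_staging_name(name, preload))
```
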

 
So Telegram is now definitively no longer to be recommended!
♲ kuketzblog@pod.geraspora.de:

Telegram: Cooperation with the authorities pledged in cases of suspected terrorism

#messenger #Telegram #datenschutz #privacy #security

 
- #Intel #Publishes #Microcode #Security #Patches, No #Benchmarking Or #Comparison Allowed!
Intel is updating its loadable CPU microcode to handle various side-channel and timing attacks. There is a new license term applied to the new microcode
https://perens.com/2018/08/22/new-intel-microcode-license-restriction-is-not-acceptable/

 

Why Is Privacy Important?


Privacy Gives Us Dignity and Decency

I feel safe in assuming that all of you reading this (unless you are an inmate in a prison) use the toilet alone. No one watches you. You don’t want anyone to watch you.

But why do you shut the door? Is it because what you’re doing is a secret? Hardly! Is it because what you’re doing is immoral? Certainly not! You shut the door because what you’re doing is private. Forcing prison inmates to use the toilet in front of others is part of their punishment.

We all understand, instinctively, that watching someone shower, watching someone undress, watching someone use the toilet, and reading someone’s private journal is indecent and abusive. We understand, if we’re not mentally ill, that invading someone’s privacy is immoral.

Privacy Gives Us Safety

To be an effective identity thief, you need to know as much about your victim as possible. The less privacy your potential victims have, the more vulnerable they are.

In the United States, political parties are allowed to copy the government’s list of registered voters, which includes full names and addresses. Imagine that you have been physically abused by a former spouse. Would you want to register to vote?

Presently, in America, police are saying they want to be able to “hack into” our electronic devices whenever they have a warrant. However, for this to be possible, our devices have to have a defect that makes this possible. It’s bad enough that our devices often have unintentional defects that make them vulnerable. Who would want a device that is defective by design?

Weakening our security might make life easier for police, but in doing so it also makes life easier for criminals. It’s small comfort to know, after we become victims, that the criminals will be prosecuted. We don’t need more crime prosecution; we need more crime prevention.

We don’t need to trade away privacy for safety because privacy is a necessary precondition for safety. Security and privacy are pretty much the same thing.

Privacy Gives Us a Chance to Change the World for the Better

Every social movement that’s changed the world for the better, from abolishing slavery to defeating Hitler, has needed to plan without being effectively spied upon. If we, either individually or in groups, are to change our world for the better in the future, we’re going to need to be able to organize and plan privately.
This is from a ZeroNet zite I've been working on once in a while for a couple of months.

#privacy #surveillance #security #liberty #freedom

 


Debsecan: Security reports and patches in Debian


https://www.ochobitshacenunbyte.com/2018/08/17/debsecan-reportes-y-parches-de-seguridad-en-debian

#debian #debsecan #linux #security #sysadmin

 

Voting Machines Used In 18 States Can Be Hacked In Under Two Minutes


see:

#hack #defcon #fail #security #election #politics #usa #technology #news #vote

 
Best Free Linux Password Managers https://www.linuxlinks.com/best-free-linux-password-managers/ #gnu #linux #security

 
Putting #Stickers On Your #Laptop Is Probably a #Bad #Security #Idea
From border crossings to hacking conferences, that Bitcoin or political sticker may be worth leaving on a case at home.
https://motherboard.vice.com/en_us/article/pawvnk/stickers-on-laptop-operational-security-bad-idea

 

XMPP Notifications for Freedombone


This is from the Freedombone blog:
Another of the features I'd wanted to add to Freedombone for a long time was server notifications via XMPP, and now that has been added. This is for things like notification that an upgrade or security test has failed or that the tripwire has been triggered. Previously those notifications were only via email, but I'm not very obsessive about email and rarely check it, whereas instant messages are much more likely to get my attention.
The security policy for XMPP chat was previously set such that end-to-end security was required, but it was difficult to automatically send out an OMEMO encrypted message from the server and so I've had to downgrade end-to-end security to being optional. This is not ideal, but the tradeoff between having to deal with folks trying to send me plaintext messages and being promptly alerted if something has failed on the server is probably worth it. Longer term I'd like to figure out if I can automatically generate OMEMO messages and then I can return to a better security policy.
The main factor which delayed the implementation of this was the question of needing to generate a separate XMPP account on the server to push out notifications. I didn't really want there to be a permanent separate account with a password lingering around somewhere which could become a possible security vulnerability. The solution to this was to generate an ephemeral account purely for the purpose of sending a single message. A new notification XMPP account gets created with a random password, sends the message and then about one second later the account is deleted. Even if the account credentials were to leak during the sending of a plaintext message they can't subsequently be useful to a potential adversary.
Another addition to the notifications system is being able to send a webcam photo if the USB canary is triggered. The purpose of that is to answer the paranoid question "Is anyone trying to mess with the server while I'm not at home?" if you're out shopping or at work. The particular threat model is known as evil maid. If you're running Freedombone on an old laptop and have a secondary webcam plugged in it will preferentially use that, so that you can set up the field of view appropriately. Not many people will need this level of physical device security, but it's nice to have the option. Also if you have the Syncthing app installed then any USB canary photo will be synced to the admin account.
#xmpp #freedombone #debian #omemo #webcam #security #syncthing

 
Vulnerabilities Found in the Firmware of 25 Android Smartphone Models




#BleepingComputer #Security #Android #Smartphone #ZTE #Vivo #Sony #SKY #Plum #Orboc #Oppo #Nokia #MXQ #LG #Leagoo #Doogee #Coolpad #Asus #Alcatel