Items tagged with: security


 


source: https://www.commondreams.org/views/2018/02/15/11004-gun-murders-us-vs-26-equiv-130-england-annually

11,004 Gun Murders in US vs. 26 (equiv. 130) in England Annually


#news #statistics #guns #kill #murder #crime #problem #usa #policy #fail #security #police

 


#chrome #privacy #security

 
@niebegegnet i know how that feels.. i've had a #shiftphone (to support a #startup) until recently and i've been extremely unsatisfied... i bought that in december 2016, and got a single #update in summer 2017 (that was patch level march 2017) - and that's it! the phone is not even 2 years old, but i needed to #trash it as it always felt painful to use it (with sooo many known #security issues...)

 
just upgraded my #lineageos to get androids #security patch level for #november

take that as a #reminder to upgrade your phones, laptops, pcs, tvs, cars, microwaves... :)

 

The Coming Software Apocalypse


James Somers

https://www.theatlantic.com/technology/archive/2017/09/saving-the-world-from-code/540393/
“Even very good programmers are struggling to make sense of the systems that they are working with,” says Chris Granger, a software developer who worked as a lead at Microsoft on Visual Studio, an IDE that costs $1,199 a year and is used by nearly a third of all professional programmers. He told me that while he was at Microsoft, he arranged an end-to-end study of Visual Studio, the only one that had ever been done. For a month and a half, he watched behind a one-way mirror as people wrote code. “How do they use tools? How do they think?” he said. “How do they sit at the computer, do they touch the mouse, do they not touch the mouse? All these things that we have dogma around that we haven’t actually tested empirically.”

Michael Barr, an expert witness for the plaintiff, had a team of software experts spend 18 months with the Toyota code, picking up where NASA left off. Barr described what they found as “spaghetti code,” programmer lingo for software that has become a tangled mess. Code turns to spaghetti when it accretes over many years, with feature after feature piling on top of, and being woven around, what’s already there; eventually the code becomes impossible to follow, let alone to test exhaustively for flaws.
#freesoftware, #opensource, #software, #security

 
#LibreOffice 6.0.7 and 6.1.3 Updated to Integrate a Security Patch with Improved Quality and Stability https://appuals.com/libreoffice-6-0-7-and-6-1-3-updated-to-integrate-a-security-patch-with-improved-quality-and-stability/ #freesw #security #tdf
LibreOffice 6.0.7 and 6.1.3 Updated to Integrate a Security Patch with Improved Quality and Stability

 

Weird calllog chat box appearing in Skype


Interesting, weird and fun bug indeed, happened to me as well (yes, I still sometimes have to use #Skype, albeit I don't have to let it outside of the web browser anymore).
After finishing a call, a new chat appears titled "calllogs". It appears as if my account has just sent a direct message to a Skype account called "calllogs". Here's a screenshot from my browser (I use the dark theme).
Curious if any of you noticed this happening as well.

Of course it may seem crazy to think that this is a bug related to PRISM or things like that, although speaking about probabilities, the chance is not 0%, since we know these systems exist and Skype is included.

But the interesting point for me here is that it shows the opaqueness of closed-source proprietary systems. Whatever they say, they can't prove it - since they can't show us the source code before and after fixing the bug, they can't demonstrate how it happened.

#skype #privacy #security

 
I am adding this to block:

googleusercontent.com

Example given here.

Watch these types of links

"Cyber Doc - 28 minutes ago
The Mighty James River

In an effort to be respectful to the creators/maintainers of this pod, I am trying my best to use links for my photos as opposed to directly uploading them. This was taken along the James River in Richmond, VA recently. It’s one of my many hideouts for relieving stress and getting away from humans. Happy Thursday everyone. :-)

://lh3.googleusercontent.com/V0HbnyUdYn0pjFhnhafv3Mtj8Mw-8wbQcWfhdOsYZsWuwPSEMQsCB4t4n0RyHxvg8aPi6db2Zb8yzG5LewM955xZu_GTv6u1yU8KZZPAslgkzR4UhpvwrKKtgYqHsqBbteB6byPs1XRuX1NP1oQCyt8Q9gN3jmJOQ3-T8J5T4j70A2JhUkWr7skIfFkniXLkW7Q5bDVA-5GQgHq8DxSASa04M1KAduXNTUhMmgIIX7hS9XIpKBCxDw1JKRzw_ySndkZ-s8FRzGGwPcNee_sGKEsRqnyBjD7NNVAgl994yNlnInm8gBJkh2nRv7kBO7qG8Mut21fvZuFBPejB_r-QudJD9uz8KcBOJm1OZEBLkntzJb6MoxttNw_oEHP5TNbx-442koNHXMQnIXjG3UfHS4-bnTn6RojIed5EN-uwl5eHZs4OVO3Mzz2tmlq1n1uTJHuViP8gsIzDjvf6CkbzNOu06pk_IWlU_-KhvWX9K-i3F-xHj2JHZBJeP-W_btoG7VQCfXCeH4dn6nx8moqeKJb9hvlk1k91bQ1CGAJ_xLnw_sr-X9WX-88E_I9Lt0oHFW4sVRQA_PilWmIdBcp0P2rlUh2qz5XpWToJKT67g6UmV1ZdpsakuKs8uiENfKwE=w1280-h852-no

#photography #newhere #GPlus #GPlusRefugee #RVA #Virginia #landscape"

While this user may be nobly trying to save disk space on #pluspora; what in effect is being done is to allow Google to track each and every user clicking on the link.


I'm not saying that EVERY #pluser is involved in this:

Image/photo

But certainly some are.

#security #bigbrother #darpa #darpa==google #privacy

 

Security





#comic #humor #iot #security #seguridad #tira


The post Security was first published on Linux Hispano.

 
- #Spyware on #phone #fears as #Dutton #pushes new #security #laws


A push to compel Australia's telecommunications companies to install spyware on customers' phones under broad new security plans could be "severely damaging" to the country's cybersecurity, the industry has warned.
https://www.brisbanetimes.com.au/business/companies/spyware-on-phone-fears-as-dutton-pushes-new-security-laws-20180924-p505oc.html

 

MNT Reform DIY Laptop




A free and open source modular computing platform

Goals: Security, Transparency, Hackability — All power to the user!

Thoroughly understand it on the electrical, mechanical and software levels

Take it apart, modify and upgrade it without regret

Repair it yourself with simple 3D printed parts and the hardware store

Reclaim your #privacy and #security: No microphone, camera or management engine

Specs

  • NXP i.MX6QP: 4x ARM Cortex A9 Cores at 1.2 GHz
  • NDA-Free Reference Manual
  • Vivante GC3000 GPU
  • Fully open source drivers in the Linux kernel (etnaviv) and OpenGL (mesa)
  • 4GB DDR3 RAM
  • Reprogrammable slim mechanical keyboard (Cherry ML keys)
  • Reprogrammable optical trackball
  • 5x USB2.0 (2 external, 3 internal)
  • HDMI connector
  • LVDS connector (driving 1366x768 IPS 11" panel, included)
  • Full-length MiniPCIe slot
  • Full-length mSATA slot for SSD (disk not included)
  • Full-length WWAN slot (USB2.0) and SIM-card slot
  • Gigabit Ethernet connector
  • Bootable Micro SD-Card slot
  • SPI, I2C, GPIO connectors (internal)
  • SGTL5000 soundchip with headphone connector, internal line connectors
  • LiFePo4 charger (for single 10Ah cell, included)
  • Size: 29cm x 20.3cm x 4.5cm; Weight TBA
#freesoftware #diy #hardware #libre #arm

 

Hey everyone, I’m #newhere. I’m interested in #archlinux, #infosec, #it, #linux, #security, and #sysadmin.

Let's see how far this goes ;)

 

Guys while we are here, let's educate the masses, show everyone what is a good password.


Post an example in comment

#security #linux #password #anonymous

 

diasp.eu has been hacked, I hope that you didn't give your credit card details..


The passwords have been posted here :

https://pastebin.com/n9phcmx4

it was bound to happen, there is no password security in the software.. admins are not even monitoring or securing their pods, never mind removing illegal stuff, so they had it coming.

#security #news #diaspora #passwords #pods #podmin #podmin #scandal #diasporagate

 

New Tor Browser 8.0 No Longer Reports Every User Using Same OS

Now we no longer look the same.


Until this latest version, the Tor Browser sent headers to every site (in the GET request) that were identical for every Tor Browser user. That helped make every Tor Browser user look exactly like every other Tor Browser user. This is broken in version 8.0. Now, our OS is correctly reported.

Prove it to yourself. Load this page. https://pgl.yoyo.org/http/browser-headers.php These are the headers sent with your GET request for that page.

Here's what mine look like.

Host: pgl.yoyo.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1

Used to be, every Tor Browser's headers were identical, but I'll bet yours now look different from mine. The part of the useragent in parentheses very probably is different from mine.

Now look in about:config for general.useragent.override. See the value there? Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 Firefox/60.0. When I put this value into Pale Moon, this is the useragent that is sent to sites. Not so in the new Tor Browser. This, IMNAAHO, is a serious bug.

Others have noticed this too, and they're complaining to Tor. Look in the comments here. https://blog.torproject.org/new-release-tor-browser-80

#tor #tor-browser #torbrowser #privacy #surveillance #agent #user-agent #useragent #security #linux #macos #fingerprinting

 

- #Airport #Security #Bins Have More #Cold #Germs than #Toilets, #Study #Finds


Airport security bins could be hotspots for emerging pandemics, according to a new study from an international team of researchers.
https://interestingengineering.com/airport-security-bins-have-more-cold-germs-than-toilets-study-finds

 


Sensitive Data Exposure via WiFi Broadcasts in Android OS [CVE-2018-9489]

System broadcasts by Android OS expose information about the user’s device to all applications running on the device. This includes the WiFi network name, BSSID, local IP addresses, DNS server information and the MAC address. Some of this information (MAC address) is no longer available via APIs on Android 6 and higher, and extra permissions are normally required to access the rest of this information. However, by listening to these broadcasts, any application on the device can capture this information thus bypassing any permission checks and existing mitigations.
https://wwws.nightwatchcybersecurity.com/2018/08/29/sensitive-data-exposure-via-wifi-broadcasts-in-android-os-cve-2018-9489/

#android #vulnerability #security #privacy

 

The pain of HSTS and the ever expanding list of TLDs...


HTTP Strict Transport Security is a very nice feature. By returning a response with this header set from a properly configured HTTPS site, you instruct the browsers not to try to contact your server over unsecured channels again. At least until the validity of the header times out. Even better, by submitting your domain to Google, they'll put it on a list that is embedded by all the major browsers, so that the browser will insist on using a secured channel even the first time it connects to your server. Great stuff, you should use it!

Now I maintain the code for a few web sites, and as a precaution against my own fuck-ups, I have set up a virtual mirror of my hosting environments as a staging area. That is where I deploy my code once I think I have done something useful to it, and if it works there, I go on and deploy it to the actual production servers. Again, VirtualBox makes this easy and straightforward to do.

The final piece of the puzzle is of course to hack the hosts file on my system so that Server Name Indication (SNI) works as it should on my virtual staging boxes. Since I don't want to block access to the production servers I have created my own internal TLD (.dev as it happens,) and use names under that TLD to reach my staging setups. This has worked flawlessly for a long time.

Just this weekend I had to pick up an old project for some fairly simple fixes. The code changes didn't take much time, deploying to the staging server is always more painful, but not more than usual. It's when I point my web browser to the staging site to see that everything works the pain begins... Firefox helpfully informs me that the site is using HSTS, so a self signed cert will not do, thank you! Qutebrowser just hangs around and does nothing... Curl is happy giving me the site, as long as I tell it to not be too picky about the cert. So I know the server is working, and as expected the returned headers don't mention anything at all about HTTP Strict Transport Security. No matter how sternly I frown, nothing can convince Firefox or Qutebrowser to show me my site.

Checking https://hstspreload.org to see if some nuthead has submitted my internal site to the HSTS preload list, and sure enough - there it is! That's when I discovered Google has registered the .dev top level domain, and I'll have to find myself another one for my internal tests. That means reconfiguring my staging VMs, regenerating certs and changing my hosts files as well. Hopefully I can find something that will never be an official TLD, so nobody will submit any name that matches mine to the HSTS preload list.

Grumpf!

#hsts #tld #webdev #tls #security #programming

 
With this, Telegram can definitively no longer be recommended!
♲ kuketzblog@pod.geraspora.de:

Telegram: Cooperation with the authorities pledged in cases of suspected terrorism

#messenger #Telegram #datenschutz #privacy #security

 
- #Intel #Publishes #Microcode #Security #Patches, No #Benchmarking Or #Comparison Allowed!
Intel is updating its loadable CPU microcode to handle various side-channel and timing attacks. There is a new license term applied to the new microcode
https://perens.com/2018/08/22/new-intel-microcode-license-restriction-is-not-acceptable/

 

Why Is Privacy Important?


Privacy Gives Us Dignity and Decency

I feel safe in assuming that all of you reading this (unless you are an inmate in a prison) use the toilet alone. No one watches you. You don’t want anyone to watch you.

But why do you shut the door? Is it because what you’re doing is a secret? Hardly! Is it because what you’re doing is immoral? Certainly not! You shut the door because what you’re doing is private. Forcing prison inmates to use the toilet in front of others is part of their punishment.

We all understand, instinctively, that watching someone shower, watching someone undress, watching someone use the toilet, and reading someone’s private journal is indecent and abusive. We understand, if we’re not mentally ill, that invading someone’s privacy is immoral.

Privacy Gives Us Safety

To be an effective identity thief, you need to know as much about your victim as possible. The less privacy your potential victims have, the more vulnerable they are.

In the United States, political parties are allowed to copy the government’s list of registered voters, which includes full names and addresses. Imagine that you have been physically abused by a former spouse. Would you want to register to vote?

Presently, in America, police are saying they want to be able to “hack into” our electronic devices whenever they have a warrant. However, for this to be possible, our devices have to have a defect that makes this possible. It’s bad enough that our devices often have unintentional defects that make them vulnerable. Who would want a device that is defective by design?

Weakening our security might make life easier for police, but in doing so it also makes life easier for criminals. It’s small comfort to know, after we become victims, that the criminals will be prosecuted. We don’t need more crime prosecution; we need more crime prevention.

We don’t need to trade away privacy for safety because privacy is a necessary precondition for safety. Security and privacy are pretty much the same thing.

Privacy Gives Us a Chance to Change the World for the Better

Every social movement that’s changed the world for the better, from abolishing slavery to defeating Hitler, has needed to plan without being effectively spied upon. If we, either individually or in groups, are to change our world for the better in the future, we’re going to need to be able to organize and plan privately.
This is from a ZeroNet zite I've been working on once in a while for a couple of months.

#privacy #surveillance #security #liberty #freedom

 
