Category: CyberSec / ITSec / Sicherheit / Security / SPAM

cost of cybercrime and lawful backdoors
09.03.2019

„The cost to companies from malware and “malicious insider”-related cyberattacks jumped +12 percent in 2018 and accounted for one-third of all cyberattack costs, according to new research published today by Accenture and the Ponemon Institute.“ src: helpnetsecurity.com logical consequence: stop […]

Hardware Implants – Thunderbolt and OMG USB Cable of Evil
09.03.2019

… this is why no usb stick and no cable can be trusted… Thunderbolt / PCI-Express is having similar issues „Abstract—Direct Memory Access (DMA) attacks have beenknown for many years: DMA-enabled I/O peripherals have com-plete access to the state of […]

CentOS7 setup iptables vs nftables firewalld
06.03.2019

watch your logs with this command, you can watch all logs at the same time, which should work for small servers with 10-30x websites (with more it probably get’s a little too much output) analyze the malicious traffic you can […]

how to htaccess limit wordpress searches
04.03.2019

lately this blog gets bombarded with queries like these: which decoded are Korean SPAM? which translates as: iptables / firewalld seem not to work and have to really really figure out why. until then this is a little workaround, it […]

20.02.2019

shortcut: the fix for this seems to be to simply replace https://stackoverflow.com/questions/9477115/what-are-the-differences-and-similarities-between-ffmpeg-libav-and-avconv „This program (ffmpeg) is not developed anymore and is only provided for compatibility. Use avconv instead“ ffmpeg -i „$1“ -acodec libmp3lame -ac 2 -q:a 2 „$1.mp3“; -> avconv […]

opening png images on Android phones is not safe anymore
12.02.2019

Outlook hacked by receiving an email – fax machine – hacked by receiving a fax – Android SmartPhones hacked by vieweing a picture.png (it’s a bug in the Framework/SDK) – „great“ whats next?Will SmartPhones and „THE INTERNET“ be doomed „unsafe“ […]

lnav – like less but more colorful output of log files
03.02.2019

how to monitor all logs… https://dwaves.org/2017/06/15/linux-monitor-all-logs-in-real-time-d-follow-all-show-changes-to-log-files-under-varlog/ as i was wondering what combination of less -R with or without ccze would allow me to view log files colorful (because a desert of black and white… does not give you a good […]

backdoors in hardware – Intel Anti Theft Brick Code
16.12.2018

While „backdoors“ in hardware sound like a good idea… you don’t know how hackers are using it to sabotage infrastructure or extort bitcoins of another country’s companies… see „backdoor in cisco router„. IT IS F**** DANGEROUS! ESPECIALLY if it is […]

xiaomi nfc and baseband exploit – Confirmed! JavaScript is indeed EVIL! Also on Phones!
16.11.2018

https://www.zerodayinitiative.com/blog/2018/11/13/pwn2own-tokyo-2018-day-one-results Confirmed! JavaScript is indeed EVIL! just imagine you surf a hacked website… that hijacks your phone calls expensive numbers… sends spam mail and whatsapp messages to your trusted friends and encrypts all your holiday pictures. CONGRATULATIONS! „The @fluoroacetate duo […]

01.10.2018

Was in USA funktioniert ist bald auch bei uns. Kriminelle erbeuten/kaufen detailierte persönliche Informationen (Geburtsdatum, Mail-Passwörter, Kreditkartennummern) online und rufen das Opfer mit einer GEFÄLSCHTEN Telefonnummer an, die GENAU so aussieht wie die einer Bank und erzählen, „es hätte seltsame […]

JavaScript is evil
10.09.2018

We all – except Node.js people and those that want JavaScript to control nuclear power plants – have seen it coming: „JavaScript is evil“ Stallman Anti-JavaScript rant: https://www.gnu.org/philosophy/javascript-trap.en.html (i think he complains more about, that most JavaScripts don’t come with […]