Category: CyberSec / ITSec / Sicherheit / Security / SPAM

JavaScript is evil
10.09.2018

We all – except Node.js people and those that want JavaScript to control nuclear power plants – have seen it coming: „JavaScript is evil“ Stallman Anti-JavaScript rant: https://www.gnu.org/philosophy/javascript-trap.en.html (i think he complains more about, that most JavaScripts don’t come with […]

VestaCP disable roundcube webmail
09.08.2018

CentOS7: # search for roundcube config file find / -name *roundcubemail.conf* /usr/local/vesta/install/rhel/6/roundcube/roundcubemail.conf /usr/local/vesta/install/rhel/7/roundcube/roundcubemail.conf /usr/local/vesta/install/rhel/5/roundcube/roundcubemail.conf /etc/httpd/conf.d/roundcubemail.conf # search for installed packages yum list installed |grep roundcube roundcubemail.noarch # is enough to disable roundcube rm -rf /etc/httpd/conf.d/roundcubemail.conf # seems to be no […]

Meltdown Demo at GitHub – RedHat explains MELTDOWN
25.07.2018

MELTDOWN (exploiting speculative execution to read ALL of the RAM of a server via CPU that has this feature (all CPUs back to Pentium MMX of 1996) explained: from RedHat Youtube Channel: https://www.youtube.com/channel/UCp6NUFV9mSEK6RxUiEVymVg   Demo at GitHub: Meltdown Proof-of-Concept: required: […]

27.06.2018

Bitcoin Gold hacked – 18 Million USD stolen https://www.heise.de/newsticker/meldung/Ende-der-Grafikkarten-Aera-8000-ASIC-Miner-fuer-Zcash-Bitcoin-Gold-Co-4091821.html https://www.heise.de/ct/ausgabe/2018-14-Wie-51-Prozent-Angriffe-Bitcoin-Co-bedrohen-4085333.html

How far has the BigBrother from 1984 already gone?
26.06.2018

„Thank you“ i feel much safer now, that you know EVERYTHING about me, you, everybody. it is about influencing and directing the masses like a herd of cattle. https://en.wikipedia.org/wiki/Room_641A Room 641A is a telecommunication interception facility in the SBC Communications […]

06.06.2018

sometimes if you know how to r-click… you are allready a HACKER! „Last month’s story about organizations exposing passwords and other sensitive data via collaborative online spaces at Trello.com only scratched the surface of the problem. A deeper dive suggests […]

znet – estimates 2018 Corporate IT Budgets
30.04.2018

70% of decision makers increase tech budget in 2018, slightly higher than 2017. top technologies: CyberSecurity (53%) Hardware upgrades (47%) cloud services (43%) software (40%) BigData Analytics (20%) Internet of Things (18%) 35% training employees 29% want to hire new […]

Stromausfall – Dank All-IP (VoIP) und DECT kein Notruf mehr möglich
15.04.2018

Effizienz ist nicht alles – weiß Bernard Lietaer – wer sich auf eine Monokultur verlässt – ist verlassen. Nach einem Stromausfall oder Hacker-Angriff können Internet basierte Kommunikationsdienste lahmgelegt sein. Aus eigener Erfahrung: An Weihnachten 2017 wurde ein Baum vom Biber […]

Monitoring your Network
04.04.2018

so i guess „monitoring“ is about two things: availability and performance: detect performance bottlenecks get informed if parts (harddisks) / servers have failed / are about to fail security: detect, report and (if possible) automatically fence off „unusual“ network activity […]

NMAP basic network scanning – overview over LAN
27.02.2018

What computers are online? What services/ports in what versions are online/open? over poorly or not so poorly documented LANs you can get an overview by using nmap. yum install nmap; # centos/redhat apt-get install nmap; # debian/ubuntu # get a […]

LANCOM Erklärung zur Vertrauenswürdigkeit
31.01.2018

Erklärung der LANCOM Systems GmbH Produkte von LANCOM sind frei von versteckten Zugangsmöglichkeiten und sonstigen unerwünschten Funktionen zur Ein- und Ausleitung oder Manipulation von Daten LANCOM Systems weiß um die Bedeutung vertrauenswürdiger Infrastrukturen für die erfolgreiche Digitalisierung von Wirtschaft und […]

Docker
29.01.2018

who is who? concepts: docker is written in Google Go by Docker Inc, SanFrancisco because it does not emulate any hardware – it is a linux container / sandbox or jail like Free BSD Jail or Solaris Zones or OpenVZ so […]

gpg verify downloaded software – no public key
27.01.2018

if you download software, you should verify that what you downloaded is not a altered file of a hacked server distributing trojan horses and keyloggers (malware). it seems for the gpg verification it is a 3 step process. 1. download […]

Bugs in Hardware – intel microcode updates
12.01.2018

update 2018-03-15: from C’t: new micro codes for intel iCPUs (2011 and onwoards) seem to fix Spectre v2 (CVE-2017-5715) 60minutes: https://www.heise.de/security/meldung/Spectre-Luecke-Intels-Microcode-Updates-fuer-Linux-und-Windows-3994347.html As Einstein already knew energy = matter = energy. great comparison: bugs in hardware – only solution: change / […]

amd arm intel cpus all got problems – Meltdown and Spectre – JavaScript could steal your Firefoxs Passwords
04.01.2018

update 2018-03-15: from C’t: new micro codes for intel iCPUs (2011 and onwoards) seem to fix Spectre v2 (CVE-2017-5715) 60minutes: https://www.heise.de/security/meldung/Spectre-Luecke-Intels-Microcode-Updates-fuer-Linux-und-Windows-3994347.html update: good overview and explanation of the situation: ARM also affected. The Meltdown + Spectre Vulnerabilities update: please checkout […]