Category: CyberSec / ITSec / Sicherheit / Security / SPAM

opening png images on Android phones is not safe anymore
12.02.2019

Outlook hacked by receiving an email – fax machine – hacked by receiving a fax – Android SmartPhones hacked by vieweing a picture.png (it’s a bug in the Framework/SDK) – „great“ whats next?Will SmartPhones and „THE INTERNET“ be doomed „unsafe“ […]

lnav – like less but more colorful output of log files
03.02.2019

how to monitor all logs… https://dwaves.org/2017/06/15/linux-monitor-all-logs-in-real-time-d-follow-all-show-changes-to-log-files-under-varlog/ as i was wondering what combination of less -R with or without ccze would allow me to view log files colorful (because a desert of black and white… does not give you a good […]

backdoors in hardware – Intel Anti Theft Brick Code
16.12.2018

While „backdoors“ in hardware sound like a good idea… you don’t know how hackers are using it to sabotage infrastructure or extort bitcoins of another country’s companies… see „backdoor in cisco router„. IT IS F**** DANGEROUS! ESPECIALLY if it is […]

xiaomi nfc and baseband exploit – Confirmed! JavaScript is indeed EVIL! Also on Phones!
16.11.2018

https://www.zerodayinitiative.com/blog/2018/11/13/pwn2own-tokyo-2018-day-one-results Confirmed! JavaScript is indeed EVIL! just imagine you surf a hacked website… that hijacks your phone calls expensive numbers… sends spam mail and whatsapp messages to your trusted friends and encrypts all your holiday pictures. CONGRATULATIONS! „The @fluoroacetate duo […]

01.10.2018

Was in USA funktioniert ist bald auch bei uns. Kriminelle erbeuten/kaufen detailierte persönliche Informationen (Geburtsdatum, Mail-Passwörter, Kreditkartennummern) online und rufen das Opfer mit einer GEFÄLSCHTEN Telefonnummer an, die GENAU so aussieht wie die einer Bank und erzählen, „es hätte seltsame […]

JavaScript is evil
10.09.2018

We all – except Node.js people and those that want JavaScript to control nuclear power plants – have seen it coming: „JavaScript is evil“ Stallman Anti-JavaScript rant: https://www.gnu.org/philosophy/javascript-trap.en.html (i think he complains more about, that most JavaScripts don’t come with […]

VestaCP disable roundcube webmail
09.08.2018

CentOS7: # search for roundcube config file find / -name *roundcubemail.conf* /usr/local/vesta/install/rhel/6/roundcube/roundcubemail.conf /usr/local/vesta/install/rhel/7/roundcube/roundcubemail.conf /usr/local/vesta/install/rhel/5/roundcube/roundcubemail.conf /etc/httpd/conf.d/roundcubemail.conf # search for installed packages yum list installed |grep roundcube roundcubemail.noarch # is enough to disable roundcube rm -rf /etc/httpd/conf.d/roundcubemail.conf # seems to be no […]

Meltdown Demo at GitHub – RedHat explains MELTDOWN
25.07.2018

Update: 2019.01: Redhat CPU fixes overview: Is CPU microcode available to address CVE-2017-5715 via the microcode_ctl package? https://access.redhat.com/articles/3436091 Update: 2018.12: ForeShadow – guest reading Level1 Cache of host ForeShadow (known as L1 Terminal Fault (L1TF) by Intel)[1][2] is a vulnerability […]

27.06.2018

Bitcoin Gold hacked – 18 Million USD stolen https://www.heise.de/newsticker/meldung/Ende-der-Grafikkarten-Aera-8000-ASIC-Miner-fuer-Zcash-Bitcoin-Gold-Co-4091821.html https://www.heise.de/ct/ausgabe/2018-14-Wie-51-Prozent-Angriffe-Bitcoin-Co-bedrohen-4085333.html

How far has the BigBrother from 1984 already gone?
26.06.2018

„Thank you“ i feel much safer now, that you know EVERYTHING about me, you, everybody. it is about influencing and directing the masses like a herd of cattle. https://en.wikipedia.org/wiki/Room_641A Room 641A is a telecommunication interception facility in the SBC Communications […]

06.06.2018

sometimes if you know how to r-click… you are allready a HACKER! „Last month’s story about organizations exposing passwords and other sensitive data via collaborative online spaces at Trello.com only scratched the surface of the problem. A deeper dive suggests […]