"let the barbarians in through the gate"
The name of the founder of Microsoft was "Gates", not "gate", wasn't it?
Posts by pc-fluesterer.info
107 publicly visible posts • joined 23 Feb 2020
Ransomware-hit British Library: Too open for business, or not open enough?
Microsoft pins hopes on AI once again – this time to patch up Swiss cheese security
Monday 6th November 2023 07:56 GMT 
AI is a plain mock attack
Ransomware to 90% is not enabled by security holes in the sense of programming errors. Ransomware is enabled by design faults deep in M$' thinking. Most of ransomware comes with SPAM an the user has to contribute:
Open the SPAM (ok, take that for granted);
open the attachment (that's already questionable);
allow macros! (¹);
give the admin's password! (²)
(¹) How on earth can it be that a document (text, spreadsheet, presentation) sent by mail can contain macros so powerful that they can damage the OS severely? How on earth can it be that macros in an email attachment can be enabled at all?
(²) Following best practice, no user should™ have administrative rights, neither by knowing an admin's password nor by by normal working with administrative rights. But the latter happens way too often. Why? Because M$' products are "more comfy" with administrative rights - a design fault. Anyone remember Windows XP? That was effectively unusable with restricted user rights. The situation has since improved a little bit, but not enough by far.
Linux Mint Debian Edition 6 hits beta with reassuringly little drama
Thursday 14th September 2023 09:16 GMT
Here is a happy and satisfied user
I for one use LMDE since version 2. LMDE 4 was quite good, LMDE 5 really grown-up. Looking forward to LMDE 6!
Will it offer an in-place upgrade such as Mint does?
Only thing I dislike is Cinnamon. I prefer Mate since the beginning, which I just installed additionally. So I use Mate plus Cairo-Dock.
Do Facebook's algorithms drive political polarization? Meta says no, but researchers say it's complicated
Linux has nearly half of the desktop OS Linux market
Wednesday 19th July 2023 10:14 GMT
Re: "typical Linuxes are tools for nerdy hacker types" -- ?
The ones I am talking about would never ever do a search (of course not goggle) and manipulate the system on their own.
After I have installed the system, it just runs. And runs and runs and runs.
Only when an upgrade is necessary (not earlier than four years) I enter the scene.
While in the meantime the process of upgrading is automated and works so seamless that any reasonably intelligent person can do that.
Wednesday 19th July 2023 07:54 GMT 
"typical Linuxes are tools for nerdy hacker types" -- ?
"... typical Linuxes are tools for nerdy hacker types"? I for one strongly disagree.
I have used many flavours of Linux since the mid-90s. For many years now Mint and LMDE are my number one (and debian as host for VirtualBox).
End users get Mint from me. And guess what? Even the most non-nerdy ones are happy with it. Mint is end user friendly to such an extent that it can beat Windows.
My stance is: Anyone who can read and write can use Linux.
Unsealed: Charges against Russians blamed for Mt Gox crypto-exchange collapse
'Strictly limit' remote desktop – unless you like catching BianLian ransomware
Fast-evolving Prilex POS malware can block contactless payments
Bankruptcy probe: Celsius cheated investors 'from the start'
Russian meddling in 2016 US presidential election was weak sauce
Wednesday 11th January 2023 07:53 GMT 
Wrong subject, wrong findings
It may perhaps be true that Russia's trolls in the antisocial networks and the news didn't achieve too much - I for one still doubt that. But looking at the candid propaganda totally misses the point.
Anyone remember Cambridge Analytica / SCL / Emerdata? Run by a Russian named Aleksandr Kogan? He used data "stolen"¹ from F.c.book as basis for targeted advertising in antisocial networks. That discouraged suspect Democrats from voting. And the like. That was the real meddling.
¹) That is Zockerbergs narration. Still I believe that he encashed on that "stolen" data.
US House boots TikTok from government phones
Zerobot malware now shooting for Apache systems
Researchers smell a cryptomining Chaos RAT targeting Linux systems
Wednesday 14th December 2022 07:56 GMT
Initial compromise?
*IF* the malware is aboard it can do this and that - fine.
Big question is: *HOW* does it get there? What is the attack vector?
If it is installed deliberately I wouldn't call it malware. And the installation does need the /root/ pw, always.
To me this thing sounds more like "Give me all you money or I shoot myself!"
Legit Android apps poisoned by sticky 'Zombinder' malware
Monday 12th December 2022 14:22 GMT
FUD
"This is why users should never install apps from outside of the Google Play Store." -- Plain nonsense. As others have pointed out already, the official PlayStore is full of malicious apps. Those are found on a nearly regular basis. Some may indeed have evaded Googles "checks", some others ...?
I for one use iodé instead of Android which doesn't have Google Play installed. I fetch what I need from f-droid or directly from the - trustworthy - manufacturer (e.g. AVM, Threema, Wire). I feel perfectly safe.
Apps (only non-paid) from the PlayStore, if really needed and not available otherwise, I get with the help of the FOSS Aurora app.
India set to extend deadline for absurd infosec reporting requirements
How do you protect your online systems? Cultivate an insider threat
Wednesday 12th October 2022 03:25 GMT
Re: "because of bad actions by employees"
To update your knowledge an opinion, I suggest you have a look at Denmark and Estonia.
In both countries public authorities rely on FOSS.
Here in Germany we had a lot of ransomware incidents hampering universities, cities, courts, revenue authorities, and the like.
Such incidents are unknown in the two FOSS countries!
Assuming that people are similar all over Europe, the only interpretation remains the intrinsic security of FOSS.
Tuesday 11th October 2022 05:48 GMT
"because of bad actions by employees"
A vast amount of "bad actions by employees" would be totally innocuous if the IT wouldn't rely on M$ monoculture.
"Yes, people are the problem"? No, they needn't be.
Try the usual [email brings infection (malware or data stealer)] stunt in a FOSS environment.
Sophos fixes critical firewall hole exploited by miscreants
Nearly one in two industry pros scaled back open source use over security fears
Internet pranksters send hundreds of cabs to Moscow street, cause gridlock
Critical flaws found in four Cisco SMB router ranges – for the second time this year
Bloke robbed of $800,000 in cryptocurrency by fake wallet app wants payback from Google
Windows Start Menu not starting? You're not alone
HelloXD ransomware bulked up with better encryption, nastier payload
Tuesday 14th June 2022 13:15 GMT
Re: "Linux under attack"?
I wrote 'well administered' by purpose. It means:
1. The user doesn't know the root pw, so social engineering can do little harm.
2. Misconfiguration: Admin fault, not Linux fault.
My question is unanswered still: In common ransomware attacks M$ Windows and M$ Office play key roles. What would be a comparable attack vector against LINUX (not against admin faults)?
Tuesday 14th June 2022 08:33 GMT
"Linux under attack"?
Well, I know how ransomware enters Windows systems.
What would be the attack vector for Linux?
I for one can't see anything comparable.
Don't come with "If the malware is in the system it can do this and that".
I want to know HOW the malware should be able to enter a well administered Linux System.
The victim has to install it manually and give the root password? :-(
Singapore uncovers four critical vulnerabilities in Riverbed software
Ragnar ransomware gang hit 52 critical US orgs, says FBI
EU, US close to replacing defunct Privacy Shield II
Linux Snap package tool fixes make-me-root bugs
Cyberattacker hits German service station petrol terminal provider
Wednesday 2nd February 2022 17:04 GMT
"Cyberattack" sounds like the usual excuse
The truth:
"We are working in a M$ monoculture; we neglected our preventive IT scurity; a staffer opened a SPAM AND opened the attachment AND allowed macros."
Ouch!
Instead of the common "attack" by SPAM it may have been an attack against the known weaknesses of the M$ Exchange Server, automated as well.
Three US states plus Washington DC sue Google for using UI design 'dark patterns' to harvest your location
Apple's anti-ad-tracking iPhone feature took a '$10bn' chunk out of social network revenues
Tuesday 2nd November 2021 07:12 GMT
No need to use F.c.book
"I have family all over the world that I want to easily keep in touch with"
Well, there are other, and most of all CLEAN, ways to accomplish that!
Signal, Threema, Wire, even Telegram is better than F.c.book, Insta or WA. And there are federated networks such as Jabber/XMPP or Element/Matrix.
No need to use F.c.book.
Informatica UKI veep was rightfully sacked over Highways England $5k golf jolly, says tribunal
Canon makes 'all-in-one' printers that refuse to scan when out of ink, lawsuit claims
Tuesday 19th October 2021 11:43 GMT
neither nor
Lexmark: Last time i got my hands dirty by having to deal with the SW-crap they produce, it behaved like the computer had become member of a so-called church which to leave is near to impossible. Try and deinstall a Lexmark printer! The whole Windows printing system is an unrecoverable mess. Lucky the man who has an image of the clean and functioning state.
HP: Had the same issue with a HP MFP many years ago. The scanner part was defective. Repair economically not worthwhile. The printer part in solidarity refused to work, same as Canon :-(
Facebook posts job ad for 10,000 'high-skilled' roles to 'build the metaverse' – and they'll all be based in the EU
Android OS vendor variants transmit data with no opt-out
Thursday 14th October 2021 03:36 GMT
Re: Why worry?
"Google know more about you and your life than you will ever remember" - WRONG
The chocolate factory has nothing to gain here. The majority of the spying services, including doubleclick, is blocked in my PI-hole. I don't accept any cookies from spies. With various add-ons I fight browser fingerprinting and other means of tracking. About me Google may know a little bit, but that is about 2% of the knowledge about average John Doe.
"vote with your feet and opt out": Yes, that is exactly what I do and what I recommend. Replace Android by a clean custom-ROM.
"Alterntives ... are they good enough": The answer is, YES. For me and a lot of other people. Well, true, you need to invest a small portion of brain 1.0
"Governments": If you are target person of the state spies you can't escape them anyway. But you need not feed the Utah data centre of the NSA. It is ok to make their lives a little bit harder. ;-)
Wednesday 13th October 2021 17:51 GMT
multiple errors
The researchers used LOS *with* additional OpenGApps in the "nano" variant.
Alas they were ill-informed.
1. You can have LOS utterly clean without any Google crap.
2. If you need GSF (Google Services Framework) because you want to use apps that require it, you can install the "pico" variant of OpenGApps or install MicroG, which both contain the essential GSF. The "pico" variant is only half of the size of the "nano" variant. Imagine what makes up for the difference ...
3. You can have LOS with MicroG integrated as "LineageOS for MicroG" https://lineage.microg.org/ or as "System /e/" as in the paper.
4. Even more privacy protection is available as "iodé". That is LOS, MicroG and additional amelioration of privacy protection. Only drawback is that it is available currently only for a restricted set of devices. https://iode.tech/en/iodeos-installation/
I for one use it on my Sony Xperia XA2, perfectly satisfied. It even has a built-in Ad- and Tracking-Blocker. I have 99,9% of the functions I want available AND perfect privacy protection.
Biting the hand that feeds IT
