* Posts by pc-fluesterer.info

116 publicly visible posts • joined 23 Feb 2020


Apple promises to protect iMessage chats from quantum computers

pc-fluesterer.info
Thumb Down

Smoke grenade

All this fuss is made as a sham fight in order to distract public attention from the role iMessage played (and plays?) for zero-click infection with Pegasus and others.

Thousands of Juniper Networks devices vulnerable to critical RCE bug

pc-fluesterer.info
FAIL

Darn! Again a backdoor disclosed ...

US design? Oh well. No further questions.

Kaspersky reveals previously unknown hardware 'feature' exploited in iPhone attacks

pc-fluesterer.info

Recording of Larin's speech at 37C3

https://media.ccc.de/v/37c3-11859-operation_triangulation_what_you_get_when_attack_iphones_of_researchers

pc-fluesterer.info

Re: You receive some 'visitors'....

aka NSL.

Money-grubbing crooks abuse OAuth – and baffling absence of MFA – to do financial crimes

pc-fluesterer.info
FAIL

OAuth is broken by design

Yes, a single sign-in is convenient. But it is inherently unsafe, too. I for one would never use it.

I use a password manager which automatically inputs my credentials into the appropriate website or application, and I use 2FA (TOTP) wherever possible.

Surprise! Email from personal.information.reveal@gmail.com is not going to contain good news

pc-fluesterer.info
Thumb Down

And the role of the Chocolate Factory?

I see gmail and protonmail addresses used by the cyber gangsters.

At Protonmail they immediately delete accounts reported as abuse. BTDT.

And gmail? Reaction to abuse reports: Nil, nought, zero. :-(

pc-fluesterer.info
FAIL

Basically, never use exchange

https://alternativeto.net/software/microsoft-exchange-server/

Black Basta ransomware operation nets over $100M from victims in less than two years

pc-fluesterer.info
Linux

Will they ever learn?

Will any of the victims draw the obvious conclusion? Ransomware attacks rely on design faults and programming errors in M$ products. If the victims (and the to-be victims) wanted to protect themselves in the future, they could and should turn to FOSS.

Japan's space agency suffers cyber attack, points finger at Active Directory

pc-fluesterer.info
Facepalm

Will they ever learn?

AD is not inevitable!

https://alternativeto.net/software/microsoft-active-directory/

Ransomware-hit British Library: Too open for business, or not open enough?

pc-fluesterer.info
Linux

"let the barbarians in through the gate"

The name of the founder of Microsoft was "Gates", not "gate", wasn't it?

Microsoft pins hopes on AI once again – this time to patch up Swiss cheese security

pc-fluesterer.info
Facepalm

AI is a plain mock attack

Ransomware to 90% is not enabled by security holes in the sense of programming errors. Ransomware is enabled by design faults deep in M$' thinking. Most of ransomware comes with SPAM and the user has to contribute:

Open the SPAM (ok, take that for granted);

open the attachment (that's already questionable);

allow macros! (¹);

give the admin's password! (²)

(¹) How on earth can it be that a document (text, spreadsheet, presentation) sent by mail can contain macros so powerful that they can damage the OS severely? How on earth can it be that macros in an email attachment can be enabled at all?

(²) Following best practice, no user should™ have administrative rights, neither by knowing an admin's password nor by normal working with administrative rights. But the latter happens way too often. Why? Because M$' products are "more comfy" with administrative rights - a design fault. Anyone remember Windows XP? That was effectively unusable with restricted user rights. The situation has since improved a little bit, but not enough by far.

Linux Mint Debian Edition 6 hits beta with reassuringly little drama

pc-fluesterer.info
Linux

Here is a happy and satisfied user

I for one use LMDE since version 2. LMDE 4 was quite good, LMDE 5 really grown-up. Looking forward to LMDE 6!

Will it offer an in-place upgrade such as Mint does?

Only thing I dislike is Cinnamon. I prefer Mate since the beginning, which I just installed additionally. So I use Mate plus Cairo-Dock.

Do Facebook's algorithms drive political polarization? Meta says no, but researchers say it's complicated

pc-fluesterer.info

No question here

Of course the tendency is away from the centre. The algorithms foster divisiveness, polarisation, radicalisation, because that catches people's attention.

pc-fluesterer.info
Alert

Mock fight

The main menace for democracy is not the algorithms but the individual targeted advertising based on "big data" user profiles. That can be quite manipulating, as seen in the election campaign for the MAGA POTUS. In Germany we have a recent example as well: https://targetleaks.de/

Linux has nearly half of the desktop OS Linux market

pc-fluesterer.info
Happy

Re: "typical Linuxes are tools for nerdy hacker types" -- ?

""Mint is end user friendly to such an extent that it can beat Windows."

You're right, of course but to be fair, it's a low bar."

:-)

pc-fluesterer.info
Linux

Re: "typical Linuxes are tools for nerdy hacker types" -- ?

The ones I am talking about would never ever do a search (of course not goggle) and manipulate the system on their own.

After I have installed the system, it just runs. And runs and runs and runs.

Only when an upgrade is necessary (not earlier than four years) I enter the scene.

While in the meantime the process of upgrading is automated and works so seamlessly that any reasonably intelligent person can do that.

pc-fluesterer.info
Thumb Down

"typical Linuxes are tools for nerdy hacker types" -- ?

"... typical Linuxes are tools for nerdy hacker types"? I for one strongly disagree.

I have used many flavours of Linux since the mid-90s. For many years now Mint and LMDE are my number one (and debian as host for VirtualBox).

End users get Mint from me. And guess what? Even the most non-nerdy ones are happy with it. Mint is end user friendly to such an extent that it can beat Windows.

My stance is: Anyone who can read and write can use Linux.

Unsealed: Charges against Russians blamed for Mt Gox crypto-exchange collapse

pc-fluesterer.info
Boffin

Crypto is for crims and gamblers anyway, so what?

nothing to be seen here.

'Strictly limit' remote desktop – unless you like catching BianLian ransomware

pc-fluesterer.info
WTF?

In other words: Best practice

All that FBI advice boils down to one single sentence: Adhere to best practice.

Fast-evolving Prilex POS malware can block contactless payments

pc-fluesterer.info

How does it get there?

Well, that is what Prilex CAN do - impressive. But what's missing is step one: How does Prilex get into the POS system in the first place?

Bankruptcy probe: Celsius cheated investors 'from the start'

pc-fluesterer.info
Stop

If it looks "too good to be true", ...

nothing to add.

pc-fluesterer.info
Happy

Re: AST

Sell? To the "greater fool". ;-)

Russian meddling in 2016 US presidential election was weak sauce

pc-fluesterer.info
FAIL

Wrong subject, wrong findings

It may perhaps be true that Russia's trolls in the antisocial networks and the news didn't achieve too much - I for one still doubt that. But looking at the candid propaganda totally misses the point.

Anyone remember Cambridge Analytica / SCL / Emerdata? Run by a Russian named Aleksandr Kogan? He used data "stolen"¹ from F.c.book as basis for targeted advertising in antisocial networks. That discouraged suspect Democrats from voting. And the like. That was the real meddling.

¹) That is Zockerberg's narration. Still I believe that he encashed on that "stolen" data.

US House boots TikTok from government phones

pc-fluesterer.info
FAIL

Old white men and TikTok?

What the hell do old white men have TikTok (TT) for in the first place? Additionally, on "official" devices?

Up to now I thought that TT is only for teeny girls. ;-)

Zerobot malware now shooting for Apache systems

pc-fluesterer.info
Facepalm

"unpatched or badly secured devices"

And further: "... insecure configurations that use default or weak credentials".

All admin faults.

But I bet that this case as well will be attributed as "malware that can target Apache". :-(

Researchers smell a cryptomining Chaos RAT targeting Linux systems

pc-fluesterer.info
Linux

Initial compromise?

*IF* the malware is aboard it can do this and that - fine.

Big question is: *HOW* does it get there? What is the attack vector?

If it is installed deliberately I wouldn't call it malware. And the installation does need the /root/ pw, always.

To me this thing sounds more like "Give me all your money or I shoot myself!"

Legit Android apps poisoned by sticky 'Zombinder' malware

pc-fluesterer.info
Thumb Down

FUD

"This is why users should never install apps from outside of the Google Play Store." -- Plain nonsense. As others have pointed out already, the official PlayStore is full of malicious apps. Those are found on a nearly regular basis. Some may indeed have evaded Google's "checks", some others ...?

I for one use iodé instead of Android which doesn't have Google Play installed. I fetch what I need from f-droid or directly from the - trustworthy - manufacturer (e.g. AVM, Threema, Wire). I feel perfectly safe.

Apps (only non-paid) from the PlayStore, if really needed and not available otherwise, I get with the help of the FOSS Aurora app.

pc-fluesterer.info
FAIL

Rubbish

Each and every FOSS app from f-droid is more trustworthy than the PlayStore malware.

India set to extend deadline for absurd infosec reporting requirements

pc-fluesterer.info
Facepalm

REPORTING is an "essential national defence mechanism"?

Well, I still keep on learning.

Up to now I thought that it is better to PREVENT an incident than to REPORT one that happened.

Well, looks like I will have to rethink. ...

How do you protect your online systems? Cultivate an insider threat

pc-fluesterer.info
Linux

Re: "because of bad actions by employees"

To update your knowledge and opinion, I suggest you have a look at Denmark and Estonia.

In both countries public authorities rely on FOSS.

Here in Germany we had a lot of ransomware incidents hampering universities, cities, courts, revenue authorities, and the like.

Such incidents are unknown in the two FOSS countries!

Assuming that people are similar all over Europe, the only interpretation remains the intrinsic security of FOSS.

pc-fluesterer.info
FAIL

"because of bad actions by employees"

A vast amount of "bad actions by employees" would be totally innocuous if the IT wouldn't rely on M$ monoculture.

"Yes, people are the problem"? No, they needn't be.

Try the usual [email brings infection (malware or data stealer)] stunt in a FOSS environment.

Sophos fixes critical firewall hole exploited by miscreants

pc-fluesterer.info
FAIL

Best practice?

Since when is making your admin interface publicly accessible considered "best practice"?

Nearly one in two industry pros scaled back open source use over security fears

pc-fluesterer.info
Happy

Re: Happens here

easy explanation: FOSS doesn't contain the backdoors required by state agencies ...

pc-fluesterer.info
FAIL

Re: "open-source software is deemed insecure, so it's not allowed" (28 percent)

really, can you? Did anybody ever sue M$? Or Apple? Or Oracle? Or ... (you name it)?

Internet pranksters send hundreds of cabs to Moscow street, cause gridlock

pc-fluesterer.info
Megaphone

Uber

Perhaps it is worth mentioning that "Yandex Taxi" is a joint venture of Yandex and Uber, founded after Uber withdrew from Russia in 2017.

Critical flaws found in four Cisco SMB router ranges – for the second time this year

pc-fluesterer.info
FAIL

Isn't CISCO short for ...

Central Intelligence Secretly Covered Operation?

Bloke robbed of $800,000 in cryptocurrency by fake wallet app wants payback from Google

pc-fluesterer.info
FAIL

Compassion? Nil!

Move on, nothing to be seen here!

Windows Start Menu not starting? You're not alone

pc-fluesterer.info
Linux

"Restarting your Windows device might help" :-)

"You changed the position of the cursor. For this change to take effect you have to restart Windows. Do you want to restart now? Yes/No/Perhaps"

:-D

HelloXD ransomware bulked up with better encryption, nastier payload

pc-fluesterer.info
Linux

Re: "Linux under attack"?

I compare M$ Office under M$ Windows to a Linux desktop*) and LibreOffice, Collabora or the like. And a Windows Server or even - shudder - Exchange to a Linux Server with the equivalent mail server and groupware.

*) Choice of distribution is up to you.

pc-fluesterer.info
WTF?

Re: "Linux under attack"?

I wrote 'well administered' on purpose. It means:

1. The user doesn't know the root pw, so social engineering can do little harm.

2. Misconfiguration: Admin fault, not Linux fault.

My question is unanswered still: In common ransomware attacks M$ Windows and M$ Office play key roles. What would be a comparable attack vector against LINUX (not against admin faults)?

pc-fluesterer.info
Linux

"Linux under attack"?

Well, I know how ransomware enters Windows systems.

What would be the attack vector for Linux?

I for one can't see anything comparable.

Don't come with "If the malware is in the system it can do this and that".

I want to know HOW the malware should be able to enter a well administered Linux System.

The victim has to install it manually and give the root password? :-(

Singapore uncovers four critical vulnerabilities in Riverbed software

pc-fluesterer.info
FAIL

Backdoor(s)?

you'd better close those backdoor(s) before Putin's hackers exploit them. <eg>

Ragnar ransomware gang hit 52 critical US orgs, says FBI

pc-fluesterer.info
Pint

Windows only, right?

Just asking ...

EU, US close to replacing defunct Privacy Shield II

pc-fluesterer.info
FAIL

CLOUD Act and PATRIOT Act

At least those two laws prohibit a new "agreement". Such an agreement is plain impossible as long as these laws exist.

Linux Snap package tool fixes make-me-root bugs

pc-fluesterer.info
Thumb Down

The idea behind SNAP is ...

to accomplish a vendor lock-in!

Cyberattacker hits German service station petrol terminal provider

pc-fluesterer.info
Facepalm

"Cyberattack" sounds like the usual excuse

The truth:

"We are working in a M$ monoculture; we neglected our preventive IT security; a staffer opened a SPAM AND opened the attachment AND allowed macros."

Ouch!

Instead of the common "attack" by SPAM it may have been an attack against the known weaknesses of the M$ Exchange Server, automated as well.

Three US states plus Washington DC sue Google for using UI design 'dark patterns' to harvest your location

pc-fluesterer.info

Re: Secrets -- or turn to Custom-ROM

You'd better turn to a FOSS custom-ROM in the first place: LineageOS, System /e/, iodé, Sailfish, you name it.

pc-fluesterer.info
Megaphone

... or use FOSS

so why do you use gmaps at all? There are FOSS maps such as MagicEarth or OSMAnd.

Apple's anti-ad-tracking iPhone feature took a '$10bn' chunk out of social network revenues

pc-fluesterer.info
Boffin

yes: Refrain from Apple

easy done: Don't use Apple spy devices.

pc-fluesterer.info
Facepalm

No need to use F.c.book

"I have family all over the world that I want to easily keep in touch with"

Well, there are other, and most of all CLEAN, ways to accomplish that!

Signal, Threema, Wire, even Telegram is better than F.c.book, Insta or WA. And there are federated networks such as Jabber/XMPP or Element/Matrix.

No need to use F.c.book.
