* Posts by pc-fluesterer.info

88 publicly visible posts • joined 23 Feb 2020

Page:

India set to extend deadline for absurd infosec reporting requirements

pc-fluesterer.info
Facepalm

REPORTING is an "essential national defence mechanism"?

Well, I still keep on learning.

Up to now I thought that it is better to PREVENT an incident than to REPORT one that happened.

Well, looks like I will have to rethink. ...

How do you protect your online systems? Cultivate an insider threat

pc-fluesterer.info
Linux

Re: "because of bad actions by employees"

To update your knowledge an opinion, I suggest you have a look at Denmark and Estonia.

In both countries public authorities rely on FOSS.

Here in Germany we had a lot of ransomware incidents hampering universities, cities, courts, revenue authorities, and the like.

Such incidents are unknown in the two FOSS countries!

Assuming that people are similar all over Europe, the only interpretation remains the intrinsic security of FOSS.

pc-fluesterer.info
FAIL

"because of bad actions by employees"

A vast amount of "bad actions by employees" would be totally innocuous if the IT wouldn't rely on M$ monoculture.

"Yes, people are the problem"? No, they needn't be.

Try the usual [email brings infection (malware or data stealer)] stunt in a FOSS environment.

Sophos fixes critical firewall hole exploited by miscreants

pc-fluesterer.info
FAIL

Best practice?

Since when is making your admin interface publicly accessible considered "best practice"?

Nearly one in two industry pros scaled back open source use over security fears

pc-fluesterer.info
Happy

Re: Happens here

easy explanation: FOSS doesn't contain the backdoors required by state agencies ...

pc-fluesterer.info
FAIL

Re: "open-source software is deemed insecure, so it's not allowed" (28 percent)

really, can you? Did anybody ever sue M$? Or Apple? Or Oracle? Or ... (you name it)?

Internet pranksters send hundreds of cabs to Moscow street, cause gridlock

pc-fluesterer.info
Megaphone

Uber

Perhaps it is worth mentioning that "Yandex Taxi" is a joint venture of Yandex and Uber, founded after Uber withdraw from Russia in 2017.

Critical flaws found in four Cisco SMB router ranges – for the second time this year

pc-fluesterer.info
FAIL

Isn't CISCO short for ...

Central Intelligence Secretly Covered Operation?

Bloke robbed of $800,000 in cryptocurrency by fake wallet app wants payback from Google

pc-fluesterer.info
FAIL

Compassion? Nil!

Move on, nothing to be seen here!

Windows Start Menu not starting? You're not alone

pc-fluesterer.info
Linux

"Restarting your Windows device might help" :-)

"You changed the position of the cursor. For this change to take effect you have to restart Windows. Do you want to restart now? Yes/No/Perhaps"

:-D

HelloXD ransomware bulked up with better encryption, nastier payload

pc-fluesterer.info
Linux

Re: "Linux under attack"?

I compare M$ Office under M$ Windows to a Linux desktop*) and LibreOffice, Collabora or the like. And a Windows Server or even - shudder - Exchange to a Linux Server with the equivalent mail server and groupware.

*) Choice of distribution is up to you.

pc-fluesterer.info
WTF?

Re: "Linux under attack"?

I wrote 'well administered' by purpose. It means:

1. The user doesn't know the root pw, so social engineering can do little harm.

2. Misconfiguration: Admin fault, not Linux fault.

My question is unanswered still: In common ransomware attacks M$ Windows and M$ Office play key roles. What would be a comparable attack vector against LINUX (not against admin faults)?

pc-fluesterer.info
Linux

"Linux under attack"?

Well, I know how ransomware enters Windows systems.

What would be the attack vector for Linux?

I for one can't see anything comparable.

Don't come with "If the malware is in the system it can do this and that".

I want to know HOW the malware should be able to enter a well administered Linux System.

The victim has to install it manually and give the root password? :-(

Singapore uncovers four critical vulnerabilities in Riverbed software

pc-fluesterer.info
FAIL

Backdoor(s)?

you'd better close those backdoor(s) before Putins hackers exploit them. <eg>

Ragnar ransomware gang hit 52 critical US orgs, says FBI

pc-fluesterer.info
Pint

Windows only, right?

Just asking ...

EU, US close to replacing defunct Privacy Shield II

pc-fluesterer.info
FAIL

CLOUD Act and PATRIOT Act

At least those two laws prohibit a new "agreement". Such an agreement is plain impossible as long as these laws exist.

Linux Snap package tool fixes make-me-root bugs

pc-fluesterer.info
Thumb Down

The idea behind SNAP is ...

to accomplish a vendor lock-in!

Cyberattacker hits German service station petrol terminal provider

pc-fluesterer.info
Facepalm

"Cyberattack" sounds like the usual excuse

The truth:

"We are working in a M$ monoculture; we neglected our preventive IT scurity; a staffer opened a SPAM AND opened the attachment AND allowed macros."

Ouch!

Instead of the common "attack" by SPAM it may have been an attack against the known weaknesses of the M$ Exchange Server, automated as well.

Three US states plus Washington DC sue Google for using UI design 'dark patterns' to harvest your location

pc-fluesterer.info

Re: Secrets -- or turn to Custom-ROM

You'd better turn to a FOSS custom-ROM in the first place: LineageOS, System /e/, iodé, Sailfish, you name it.

pc-fluesterer.info
Megaphone

... or use FOSS

so why do you use gmaps at all? There are FOSS maps such as MagicEarth or OSMAnd.

Apple's anti-ad-tracking iPhone feature took a '$10bn' chunk out of social network revenues

pc-fluesterer.info
Boffin

yes: Refrain from Apple

easy done: Don't use Apple spy devices.

pc-fluesterer.info
Facepalm

No need to use F.c.book

"I have family all over the world that I want to easily keep in touch with"

Well, there are other, and most of all CLEAN, ways to accomplish that!

Signal, Threema, Wire, even Telegram is better than F.c.book, Insta or WA. And there are federated networks such as Jabber/XMPP or Element/Matrix.

No need to use F.c.book.

Informatica UKI veep was rightfully sacked over Highways England $5k golf jolly, says tribunal

pc-fluesterer.info
Holmes

"how playing golf benefited the business"

How may playing golf benefit the business? Hm. Just thinking, though.

Canon makes 'all-in-one' printers that refuse to scan when out of ink, lawsuit claims

pc-fluesterer.info
FAIL

neither nor

Lexmark: Last time i got my hands dirty by having to deal with the SW-crap they produce, it behaved like the computer had become member of a so-called church which to leave is near to impossible. Try and deinstall a Lexmark printer! The whole Windows printing system is an unrecoverable mess. Lucky the man who has an image of the clean and functioning state.

HP: Had the same issue with a HP MFP many years ago. The scanner part was defective. Repair economically not worthwhile. The printer part in solidarity refused to work, same as Canon :-(

Facebook posts job ad for 10,000 'high-skilled' roles to 'build the metaverse' – and they'll all be based in the EU

pc-fluesterer.info
Big Brother

anybody remember Google Glass?

And the public rage that stopped it? Where is the rage against the Metaverse?

pc-fluesterer.info

yes. They lie at you with a pale face.

Android OS vendor variants transmit data with no opt-out

pc-fluesterer.info
Coat

Re: Why worry?

"Google know more about you and your life than you will ever remember" - WRONG

The chocolate factory has nothing to gain here. The majority of the spying services, including doubleclick, is blocked in my PI-hole. I don't accept any cookies from spies. With various add-ons I fight browser fingerprinting and other means of tracking. About me Google may know a little bit, but that is about 2% of the knowledge about average John Doe.

"vote with your feet and opt out": Yes, that is exactly what I do and what I recommend. Replace Android by a clean custom-ROM.

"Alterntives ... are they good enough": The answer is, YES. For me and a lot of other people. Well, true, you need to invest a small portion of brain 1.0

"Governments": If you are target person of the state spies you can't escape them anyway. But you need not feed the Utah data centre of the NSA. It is ok to make their lives a little bit harder. ;-)

pc-fluesterer.info
Linux

addendum

instead of guessing you can see here the contents of the different variants of OpenGApps: https://github.com/opengapps/opengapps/wiki/Package-Comparison

pc-fluesterer.info
Thumb Up

Re: LineageOS misrepresented?

I completely second that. Cf. my post "multiple errors".

pc-fluesterer.info
FAIL

multiple errors

The researchers used LOS *with* additional OpenGApps in the "nano" variant.

Alas they were ill-informed.

1. You can have LOS utterly clean without any Google crap.

2. If you need GSF (Google Services Framework) because you want to use apps that require it, you can install the "pico" variant of OpenGApps or install MicroG, which both contain the essential GSF. The "pico" variant is only half of the size of the "nano" variant. Imagine what makes up for the difference ...

3. You can have LOS with MicroG integrated as "LineageOS for MicroG" https://lineage.microg.org/ or as "System /e/" as in the paper.

4. Even more privacy protection is available as "iodé". That is LOS, MicroG and additional amelioration of privacy protection. Only drawback is that it is available currently only for a restricted set of devices. https://iode.tech/en/iodeos-installation/

I for one use it on my Sony Xperia XA2, perfectly satisfied. It even has a built-in Ad- and Tracking-Blocker. I have 99,9% of the functions I want available AND perfect privacy protection.

When criminals go corporate: Ransomware-as-a-service, bulk discounts and more

pc-fluesterer.info
Holmes

Re: ... or use FOSS

the truth hurts, does it?

pc-fluesterer.info
FAIL

and google is not a reputable e-mail provider

I get SPAM sent from gmail accounts, sometimes even with DKIM signature. Often (depending on my mood) I send ABUSE complaints to all concerned. Have you ever tried sending an ABUSE complaint to abuse@gmail.com or network-abuse@google.com? The reaction is zero, nil, nought. :-(

pc-fluesterer.info
Holmes

... or use FOSS

By using FOSS OS and applications they could avoid 99,99% of the damage.

UK umbrella payroll firm Giant Pay confirms it was hit by 'sophisticated' cyber-attack

pc-fluesterer.info
FAIL

Windows anyone?

Could it by any means be possible that the company employs Windows and further M$-crap? Just thinking.

Well, to attack such a M$ system would need a very high grade of sophistication ... :-(

Lithuania tells its citizens to throw Xiaomi mobile devices in the bin

pc-fluesterer.info
Thumb Down

root != unlock bootloader

sad to see how widespread this misunderstanding still exists.

With root you get administrator privileges inside you OS, be it stock android or a custom-ROM.

You don't need root to flash a custom-ROM! For that you need to unlock the bootloader, for which in turn you need a code from the manufacturer. Some of those support that, some don't.

The reason why they don't? My suspicion is that they try and achieve a vendor-lock-in.

pc-fluesterer.info
Megaphone

easy solution: Replace that crap by a clean custom-ROM

Get rid of all that crap, bloatware, spyware, censorware.

Install a custom-ROM such as LineageOS, available here: https://wiki.lineageos.org/devices/apollon

There may be others; I didn't investigate further. LOS normally is sufficient. The one who needs GSF (Google Services Framework) installs OpenGApps or MicroG in addition.

I do this since my first Android smartphone Sony Ericsson Xperia Pro (slider physical keyboard!) that came with Android 2.3 then, ten years ago. It got a CyanogenMod (predecessor of LOS) from me. I have since *improved* ;-) and/or revitalised many smartphones from OnePlus and Sony with LOS or derivatives. My standby old (2015) Xperia Z5 is out of support from Sony but still runs fine on an up-to-date LOS 17 (~Android 10).

So this is my advice: Go for custom-ROM!

EU open source study highlights economic benefits but says Union is 'on the back foot' with industrial policy

pc-fluesterer.info
Devil

not easy

"... it's now up to the Commission to make it happen - and that will not be easy" - very true.

First you have to beat more than 6 Million US-$ from Microsoft left in Brussels last year. Plus the lobby expenses from other companies (Apple, F.c.book, Google, you name it).

https://www.youtube.com/watch?v=duaYLW7LQvg

Microsoft Azure deprecations: API changes will break applications and PowerShell scripts

pc-fluesterer.info
Alert

"why Microsoft is pulling the rug out"

Just a thought.

Perhaps MS found a severe security flaw that cannot be mended otherwise. Or they had built in a backdoor and have reason to fear that it could be (or is already) discovered by foreign "services" and other cyber-crooks.

Your turn.

Perl Foundation faces more departures after pausing Community Affairs Team

pc-fluesterer.info
Black Helicopters

Culmination because of anger at Covid-19 measures?

The recent year and a half imposed severe restrictions on all of us. They made us quite unhappy and angry. The problem is, there is no single one to blame. But the bad temper piles up. And the first person in the way serves as outlet for all the rage. In my communities, neighbourhood and the like I observe that regularly. :-( It's a pity really.

UK competition bods to keep tabs on Google, ensure 'Privacy Sandbox' doesn't distort competition

pc-fluesterer.info
Boffin

countermeasures:

1. NoScript. Spies such as doubleclick or optimizely I have closed down as "not trustworthy".

Without JS those evil third-parties can neither set not request cookies. My list of untrusted domains is looong.

2. Cookie Autodelete.

I for one accept all cookies. As soon as I leave the site the cookies and other fingerprinting crap are deleted (except those on my whitelist). :-)

Good news for pentesters and network admins: US issues ransomware guidance asking biz to skill up security teams

pc-fluesterer.info
Coat

There is no glory in prevention

old proverb but alas still very true.

Huawei names first tablets, phones to run its Android-in-disguise HarmonyOS 2

pc-fluesterer.info
Megaphone

and MagicEarth

these two (MagicEarth and OSMAnd) are my favourite maps and navigation apps on LineageOS. Google? NEVER!

Apple is happy to diss the desktop – it knows who's got the most to lose

pc-fluesterer.info
Thumb Down

ridiculous - "Win10 ... is no more inherently vulnerable than Apple or Linux ..."

https://www.cvedetails.com/product/38/?q=linux

https://www.cvedetails.com/product/32238/?q=Windows+10

and that is only five years for win10!

Just two figures: code execution vulnerabilities

Linux - 50 in eleven years

Win10 - 468 in five years!

What's more, nearly all of the Linux vulnerabilities are only locally exploitable.

Thus, the claim repeated in the title is a very bold - and false - assertion.

pc-fluesterer.info
Happy

Linux updates burn zero time

Of course I use only LTS systems (debian, Mint, LMDE). All of them are automatically updated in background; very seldom I have to perform a few clicks. When I sometimes start my Win-10 VM - what a resources hog! Linux rules.

Cisco HyperFlex web interface has critical flaw that lets attackers get root and execute arbitrary commands

pc-fluesterer.info
FAIL

it's not a bug, it's a feature!

... for the three-letter-agencies.

If you have a QNAP NAS, stop what you're doing right now and install latest updates. Do it before Qlocker gets you

pc-fluesterer.info
FAIL

Hard-coded login credentials - ouch!

some may call it a backdoor.

I for one would never ever buy a NAS off the shelf, not from QNAP nor S...ology nor the rest of the gang.

After all, there is OpenMediaVault. You can install it on a RasPi an tailor it to exactly your needs. Mission accomplished.

10 years later, Chrome OS starts to look like a proper OS with hardware diagnostics and the ability to scan documents

pc-fluesterer.info
Thumb Up

use Linux

A "Linux based" OS - what's the use? You can employ Linux directly.

If you avoid xUbuntu you have no slurping at all.

Now it is F5’s turn to reveal critical security bugs – and the Feds were quick to sound the alarm on these BIG-IP flaws

pc-fluesterer.info
FAIL

USA network gear? Off-limits!

s/security bugs/backdoors/

1Password has none, KeePass has none... So why are there seven embedded trackers in the LastPass Android app?

pc-fluesterer.info
Megaphone

Re: "Cloud" and passwords

nothing to worry about if all content is encrypted client-side an the cloud stores it zero-knowledge. Go for Bitwarden (the FOSS version from f-droid).

pc-fluesterer.info
Flame

LogMeIn is owned by - uhm - Private Equity

https://www.globenewswire.com/news-release/2020/08/31/2086214/0/en/Francisco-Partners-and-Evergreen-Coast-Capital-Complete-Acquisition-of-LogMeIn.html

Page:

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER