oh shit, another backdoor uncovered
who does believe this was not a backdoor?
131 publicly visible posts • joined 23 Feb 2020
not every malware relies on vulnerabilities. A vulnerability, if at all, you only need as part of an attack vector to infiltrate a system. But as well you can implement a RAT or whatever malware targeted and manually if you can get hold of the machine(s) in question. That doesn't employ a vulnerability.
OVH for me has a very bad taste. I run a website that is under attack frequently. XSS, SQL injection, malicious uploads, attempts to log in - you name it. My firewall logs the source of attacks; subsequently I block the entire address range of the provider concerned from future access.
About 10% of all attacks (worldwide) stem from OVH!
A very respectable provider ... :-(
Jabber, or XMPP as we call it nowadays, is just a protocol. The protocol is not the culprit; it is beyond any suspicion. The culprit is faulty (or backdoored, to be precise) SW in the case of Cisco, or a malicious App in the case of Alcatel. But who uses Cisco in the first place? I for one would never ever use Cisco (nor any other US-supplied network gear), particularly not for XMPP.
"Ransomware attacks exist on Linux as well as Windows" - WRONG.
Please give us one example - only one, pleeeease! - of an attack vector similar to those in the M$ biotope. A malware attack similar to those under Windows is IMPOSSIBLE against a Linux (or xBSD) desktop and network. You always need a maliciuos insider (such as 'evil maid') and/or severe blunder of system management.
Web servers are even more endangered. Why do the majority of web servers world wide run on Linux or xBSD? All successful attacks against Linux/xBSD web servers I know of were based on administrators errors (weak password and the like) and/or security holes in application SW (CMS, shop, database, ...). Which again is an administrative or system management error: Available patches not applied. NEVER was a weakness in the underlying OS Linux or xBSD part of the attack vector - in all cases I know of. Do you know better?
To make that clear: I am talking about the usual mass attacks. If you are target of a governmental "service" - they find their way sooner or later, so good luck! :-)
The choice of Linux distros that are 32-bit capable will narrow as time proceeds. Mint 19.3, supported until April 2023, is available for 32-bit. The successor Mint 20 is not! And the basis for Mint 20, Ubuntu 2004, has several aspects not welcome (packet format 'snap' and the corresponding proprietary app-store is one of them).
I am in the process of migrating many machines (mine and customer's) running Mint to LMDE. That is based on debian directly without deviation over Ubuntu. LMDE 4 still is 32-bit capable. Only backlash is that currently it comes with DE Cinnamon which is a resource-hog, not quite apt for elderly machines. But just replace it by DE Mate an you're done. :-) Happy ever since ...
yes, I did. I bought a charger from a German merchant. ((Not even Amazon, as I NEVER buy there, for various reasons.)) The studs that go into the wall were too short an too small. In some receptacle the thing would work, in others not. It would build a loose contact, leading to danger of sparks an subesquent fire. Of course the charger had CE and a lot of further security tokens on it. I forwarded the dangerous thing to German authorities. But what's the use? German or even European authorities can only prosecute the merchant. They will never get hold of the Chinese manufacturer.
yes, that's true, I forgot: tuta lacks notification. And free accounts not used for six months are deleted. So, advantage for proton. Still tuta has its place for "special" purposes. ;-)
yes, lavabit, mailbox.org and posteo all cost. Huge amounts such as 15$/year (lavabit) or 12€/year (the other two). For more money you get more features.
I for one have paid accounts with ALL providers mentioned (incl. tuta an proton). And I can say: They are worth every single cent!
I for one don't use Samsung because I don't want to support children's work and bloody raw materials. But if someone owns already a S... device and wants to dispose off the bloatware and espionage, the only way is to install a custom ROM. That is no rocket science; I have done it on several devices from various manufacturers. Not yet on a S... but it seems to be easier than with some others. The key is the SW Odin delivered by S. Here is a link to start from:
https://www.cyanogenmods.org/forums/topic/lineage-os-16-for-galaxy-s5/
hth.
I for one don't use Samsung because I don't want to support children's work or bloody raw material. Anyway, if someone has a Samsung device already and wants to get rid of bloatware and espionage, the only way out is a custom-ROM. I have done that on various Android devices, not yet on Samsung. But as far as the news go it seems to be a quite simple process, simpler than on other devices. The key is the SW Odin delivered by Samsung. Here an link to start from:
https://www.cyanogenmods.org/forums/topic/lineage-os-16-for-galaxy-s5/