Category: Security & Privacy

  • Apparently the cause of yesterday’s and today’s Telekom outage is a known bug in TR069. Apparently there is also a Metasploit module for it.

    Source: Port 7547 SOAP Remote Code Execution Attack Against DSL Modems – SANS Internet Storm Center

  • The code I’m still ashamed of

    The following came through my timelines a few days back. A guy feels guilty for what he did – as a programmer – when he was young. Basically, he built a promotional website for a questionable medication. Apparently the drug has side effects of depression and suicidal thoughts. Only after his sister was prescribed the same medication did his conscience make him quit what he was doing.

    If you write code for a living, there’s a chance that at some point in your career, someone will ask you to code something a little…

    Source: The code I’m still ashamed of

    Also, the author writes the following:

    As developers, we are often one of the last lines of defense against potentially dangerous and unethical practices.

    It’s a pretty sure bet that everybody who has been in the Internet business long enough has had moments like this before. For myself, there were a few moments where I saw an ethical border that I didn’t want to cross. As a student, this was porn. As a professional, it was weapons manufacturers.

    Interestingly enough, I even quit two companies for their ambition in IT security. The first pushed datacenter-grade firewalls to small businesses that basically only needed a DSL modem, through a sales method borrowed from insurance brokers.

    The other one at least had a solid technology, but developed a solid sales pitch relying on the same FUD that crosses that ethical border.

    Just like with medication, people shouldn’t buy security out of fear, or any other product for that matter. And any technical person should strive to educate customers rather than help sales people create that fear.

  • Symantec wants to acquire security vendor Lifelock

    Digitalization is moving many everyday things onto the Internet, and security companies have long exploited the uncertainty about how to deal with this new situation. Now Symantec apparently wants to offer protection against identity theft and, to that end, acquire a controversial provider:

    Symantec wants to pay 2.3 billion US dollars to strengthen itself with a provider of protection against identity theft. However, the company, named Lifelock, has already had to pay two fines in the millions for advertising promises it did not keep.

    via: Symantec will umstrittenen Sicherheitsanbieter Lifelock schlucken | heise online

  • John Oliver talks about Encryption

    John Oliver’s ‘Last Week Tonight’ on encryption in general and the case Apple vs. FBI in particular.

  • Fake Bomb Threat for Bitcoin

    Old and busted: DDoS 4 Bitcoin

    New hotness: Fake Bomb Threat 4 Bitcoin

  • Smart TV Security

    So, this is the future of security with smart devices.

    Samsung has confirmed that its “smart TV” sets are listening to customers’ every word, and the company is warning customers not to speak about personal information while near the TV sets. The company revealed that the voice activation feature on its smart TVs will capture all nearby conversations. The TV sets can share the information, including sensitive data, with Samsung as well as third-party services. The news comes after Shane Harris at The Daily Beast pointed out a troubling line in Samsung’s privacy policy: “Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party.” Samsung has now issued a new statement clarifying how the voice activation feature works. “If a consumer consents and uses the voice recognition feature, voice data is provided to a third party during a requested voice command search,” Samsung said in a statement. “At that time, the voice data is sent to a server, which searches for the requested content then returns the desired content to the TV.” The company added that it does not retain or sell the voice data, but it didn’t name the third party that translates users’ speech. Update, Feb. 10: Samsung has updated its policy and named the third party in question, Nuance Communications, Inc. Meghan DeMaria

    via: Samsung warns customers not to discuss personal information in front of smart TVs

  • Internet Archive: The Malware Museum

    The Internet Archive now has a collection of malware that was distributed in the 1980s and 1990s on home computers and early PCs.

    Through the JavaScript port of DosBox (EM-DosBox) you can even execute the viruses and watch their messages in your browser.

    via: The Malware Museum : Internet Archive

  • Docker 1.10

    Docker announced version 1.10 last week. The new release contains more than 100 improvements over the previous version. New features include better resource management, a more flexible docker-compose file format and improvements to security. The security improvements come in particular from user namespace isolation, seccomp for syscall filtering and an authorization plugin to restrict access to Docker engine features.

    We’re pleased to announce Docker 1.10, jam-packed with stuff you’ve been asking for. It’s now much easier to define and run complex distributed apps with Docker Compose. The power that Compose brou…

    via: Docker Blog
    Release notes.

  • Passweird 

    Correct Horse Battery Staple. But in gross. With Passweird.

    Passweird – Passwords too Gross to Steal

    Source: Passweird – Passwords too Gross to Steal