Use containers, they said.
It’d be more secure, they said.
Until CVE-2019-5736 was disclosed.
Over a period of 5 years, the BND is spending a budget of 4 million euros to buy up general security vulnerabilities on the free, but black, market. The goal is, of course, to exploit them for the deployment of state trojans. According to Mr. Mayer, the BND uses this information only in a targeted way for law enforcement, but this ignores the fact that the vulnerability continues to exist on potentially millions of devices. There is really not much to add to that.
CSU State Secretary Stephan Mayer does not understand the technology of state trojans at all, or he is misleading the public with untruths. On “Maybrit Illner”, at any rate, the politician did not cut a good figure.
Source: Innenstaatssekretär Mayer blamiert sich mit Aussagen zum Staatstrojaner – netzpolitik.org
Because it is currently being hotly discussed in all the media: a few small tips on how to guard a little against the worst problems on the Internet and limit potential damage in advance. Wikipedia on the incidents.
PC and phone
Install all system updates promptly
Use the privacy options on all devices
Strictly limit the permissions of apps on phones and tablets (contacts, camera, location, microphone etc.)…
E-mail
Turn off HTML e-mail, turn off loading of external content in e-mails, be careful with e-mail attachments
If possible, use a different e-mail account for communication than the one used for (account) registration, because of password recovery.
Passwords
Use hard-to-guess passwords & use a separate one for each service
Where possible, use 2-factor authentication.
Social
Never disclose login data, not even by phone
Delete your Facebook account, and also:
Never use Login with Google/Facebook/Twitter etc.
Turn off location sharing everywhere
Never allow phone book sync for social media at any time
Better to delete highly private data (chat history, pictures)
Data
Turn on hard disk encryption
For chat communication, use only encrypted messengers, e.g. Signal or Threema
For e-mail: encrypt with S/MIME or GPG…
Encrypt backups
Image by Nasir Khan, CC-BY-SA2.0
CORS, CSP, HSTS, and all the web security acronyms! link.medium.com/jMrLJYrzBR
The Citizen Lab, an “interdisciplinary laboratory based at the Munk School of Global Affairs, University of Toronto, focusing on research, development, and high-level strategic policy and legal engagement at the intersection of information and communication technologies, human rights, and global security”, released “Security Planner” early last week. Security Planner is a tool that guides everybody through their Internet usage habits with only a few simple questions.
Answer a few simple questions to get personalized recommendations of free and open-source software. It’s confidential — no personal information is stored, and we won’t access any of your online accounts.
With this information, it provides simple steps and personalized safety recommendations to follow to improve an individual's privacy online. The recommendations are based on free and open-source projects and best practices, aiming to raise awareness and help people maintain better privacy.
Source: Security Planner – Improve your online safety with tools for your needs.
So, this is the future of security with smart devices.
Samsung has confirmed that its “smart TV” sets are listening to customers’ every word, and the company is warning customers not to speak about personal information while near the TV sets. The company revealed that the voice activation feature on its smart TVs will capture all nearby conversations. The TV sets can share the information, including sensitive data, with Samsung as well as third-party services. The news comes after Shane Harris at The Daily Beast pointed out a troubling line in Samsung’s privacy policy: “Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party.” Samsung has now issued a new statement clarifying how the voice activation feature works. “If a consumer consents and uses the voice recognition feature, voice data is provided to a third party during a requested voice command search,” Samsung said in a statement. “At that time, the voice data is sent to a server, which searches for the requested content then returns the desired content to the TV.” The company added that it does not retain or sell the voice data, but it didn’t name the third party that translates users’ speech. Update, Feb. 10: Samsung has updated its policy and named the third party in question, Nuance Communications, Inc. Meghan DeMaria
via: Samsung warns customers not to discuss personal information in front of smart TVs
Docker announced version 1.10 last week. The new release contains more than 100 improvements over the previous version. New features include better resource management, a more flexible docker-compose file format and improvements to security. The security improvements come in particular from user namespace isolation, seccomp for syscall filtering and an authorization plugin to restrict access to Docker Engine features.
We’re pleased to announce Docker 1.10, jam-packed with stuff you’ve been asking for. It’s now much easier to define and run complex distributed apps with Docker Compose. The power that Compose brou…
via: Docker Blog
Release notes.
Whatever we do, it’s not sufficient, because the technology is developing and evolving too quickly. That’s what Telefónica concludes. No surprise there.
The Internet of Things (IoT) is developing at an enormous pace, so much so that it outpaces any and all security efforts.
via: ITProPortal.com
Forrester, well known for their predictions on the impact of technology, took a look at the state of Internet of Things security. Unsurprisingly, they concluded that the technology still has a long way to go.
Forrester’s take on the Internet of things isn’t that shocking–the industry has developed with little thought about security–but the time frames are jarring nonetheless.
Source: ZDNet
Security on the Internet of Things has often been said to be bad. Apparently Shodan runs a search engine for sleeping kids: feeds from kids' monitor cams, available to watch publicly on the internet. Proof enough that the Internet of Things really needs security.
Shodan search engine is only the latest reminder of why we need to fix IoT security.
Source: Internet of Things security is so bad, there’s a search engine for sleeping kids | Ars Technica