Today iam going offline with any of my Smarthones for Testing. Why? all current Smartphones based on nonfree Hard and Software less patched Hackers can remote force install Trojans as Updates (especially Stores by gov order) non rooted devices are black boxes rooted Images or Tools as Workarounds are often not published in which way the System OS is broken down, Hackers don’t work nonprofit ! Linux Laptops usage is often easier and much safer, you have full control and can run security tools to monitor Apps for free do always call home at background can’t control active background jobs […]
Category: Security
WordPress Bug Backdoor delete Files
Current a Major Bug is published up to WordPress lastest Release 4.9.6! The real Nonsense is that the WordPress Core Team did know it since Nov. 2017 !! And changes NOTHING! More Details here reported and a public review here
Health Status Data on Cloud Services
From the current News we hear that insurances offers humans to save the complete health status at a Cloud based App. This is by DEFAULT insecure! Smartphones get less OS Security Updates by Manufacter Users do NOT know to handle Updates Users can’t update Firmwares by default Apps most located at App Stores (Google, Apple) App Stores Analyse downloads and usage of Apps, with this getting personal Data to SELL!! No Health Insurance knows to securing Data Pools especially Clouds !! No one will help Humans if Cloud App Keys abused and Data stolen Humans can be forces to offer […]
Android Hidden Location Tracker
If you use a Android device google can track you via scanned and known wifi Networks without any connection! Android scans your area, shops, stores for public wifi networks, via LTE / GSM the OS verify the Data online at Google. As Result Google Maps sends you Popups to VOTE the last visited Places at Google Maps. That’s all WITHOUT GPS and WIFI connected only LTE/GSM ! Purge Google Account! (disconnect!) and disable all unwanted Google Apps especially Uploaders (Backups) then go Android Settings -> Wifi -> Advanced Wifi Settings! Disable the “local wifi scan” option switch at Android! Remark: […]
Social Media Giants Data Abuse
Today on Net News faces that Social Media Giants like facebook seems out of control, the new GDPR DSGVO won’t stop them printing gold by data abuse. Time to disconnect.. or replace your apps and Internet foot prints..
Apache MEMCACHED UDP Protection
Current a lot of sites blogging about memcached attacks on Servers here some details: Memcached Servers need a installed and running Service called “memcached” Websites need a php-plugin like php7.0-memcached to connect via API to the memcached Service The Memcached Service uses a own Config File at debian /etc/memcached.conf By default it MUST listen to localhost or socket Admins MUST setup a FIREWALL like “ufw” (iptables) and MUST check own Server for OPEN PORTS with nmap The Problem is that Attackers can run Scripts against to your Server in a 10^6 Range like a BOTNET !! with ONE PC cause […]
ENFORCE Google to DuckDuckgo SEARCH
If you want to enforce the use of DuckDuckgo.com instead of google.com do: Edit at the PC the “hosts” File on: Linux /etc/hosts Windows C:\Windows\System32\drivers\etc insert at last: 54.229.105.92 google.com #ip of duckduckgo or 176.34.131.233 54.229.105.203 google.com #ip of duckduckgo 176.34.131.233 bing.com #ip of duckduckgo or 176.34.131.233 176.34.131.233 yahoo.com #ip of duckduckgo or 176.34.131.233 ..reboot and test on a Browser Session after google.com you see duckduckgo.com Remark: Most DSL Routers do offer the edit of the hosts File too, do same there and ALL devices redirected! Don’t forget to reboot! This Solution works only on IPv4 Networks, to enforce the […]
Nextcloud Owncloud Opensource Risk’s
If you are current using Nextcloud / Owncloud or other PHP-Kits for File Handling you should know these remarks: Based on this Article You must know: Details of Security about your current used PHP Versions (7.X) Details of your used Database Version (MySQL..) Details of hardened OS and Webserver Version (Apache,Firewall,fail2ban,file policys, selinux, apparmor filter) See ALWAYS PHP-Kits of opensource with the trust of NON HARDENED SOFTWARE (prefer NON-PUBLIC ACCESS) You can ACCESS this Software thru SSH TUNNELS with a local running non-caching PROXY (privoxy) Use the SSH Tunnels on unknown Ports and Login via Key Files which must be […]
Ubuntu 16.04 Compiz Hang Kernel
After Ubuntu published the latest Kernel Patches for Meltdown and Spectre the Kernel 4.4.0-104/109-generic let Intel Graphics freeze or hang on Compiz with Unity. Howto fix: Install the latest Kernel 4.4.0-112-generic do: sudo apt-get install linux-image-4.4.0-112-generic sudo apt-get install linux-image-extra-4.4.0-112-generic reboot then: sudo apt-get autoremove –purge -y This removes older kernels and save Space! Do test the PC for hanging again!!!
Meltdown Spectre VM Hosting
Thru current IT News you may have heard about the major Security Problem of x86 Technology. If your Websites current hosted on VM at VM Providers, contact them to get current news about their bug handling of their VM Host Servers. If you get no details, then shutdown your sites temporarily, or look for a other solution which isn’t running on x86 Technology. Otherwise you can try to switch from php-kits to static HTML Websites. On the Net there are very helpful tools to do this easy. For WordPress is a WP to HTML Plugin available. This dumps your blog […]
Debian: without sytemd
If you run Debian Servers, you read last weeks about security problems of systemd service manager. On several tests i have seen much systems having problems on service starts on boot like on debian, raspian .. This is a result of not clean redesigned scripts of the services by the Maintainers like the Proxy Server “privoxy” Package… For Tests i decided to try the new Debian Fork Replacement DEVUAN for Desktop and a standard Debian Server Setup without systemd! Howto purge Systemd on a Debian System read this external Wiki: http://without-systemd.org/wiki/index.php/How_to_remove_systemd_from_a_Debian_jessie/sid_installation or try Devuan for Server and Desktop: https://devuan.org/ Remark: […]
Security: Disable USB Drive mount for Users
If you share your Systems and you want to disable USB Drive connects there is a small solution. By default the gvfs Service handle all automounts and drive scans. On old Linux Systems you could purge the complete gvfsd “Backend” but Ubuntu-Desktop forces some pakets to the default Desktop Package! If you purge it the working Desktop can be destroyed! It’s easier to disable the “USB Drivers” called Modules from load on Start! Cause Rules are “Software” and can FAIL unknown!! Howto? Edit the /etc/modprobe.d/blacklist.conf and add: blacklist usb_storage blacklist uas Update initramfs (Kernel Image) update-initramfs -u -k all reboot […]
Security: Isolated Browser eMail Programs
If you want to be more secure, on Linux you can isolate used programs on different Users! All you need is installed by default! Howto: Add a new User for eMail and Browser to the System with: $sudo adduser mailuser $sudo adduser webuser now install if not installed by default “gksu” User Switch $sudo apt-get install gksu copy now the default App Links to webuser’s Home Desktop, for mailuser enter mailuser’s name $cp /usr/share/applications/firefox-esr.desktop /home/webuser/Desktop/firefox-esr.desktop edit the firefox-esr.desktop by right click on nautilus or a editor and change command line: old: /usr/lib/firefox-esr/firefox-esr %u to: gksu -u webuser -w "/usr/lib/firefox-esr/firefox-esr %u" […]
Security: Protection Against Cryptware Wannacry
You heard perhaps last day’s about the major problems of Attacks to Systems with the “WannaCry” Crypto Ware Howto protect yourself? Enable the Firewall on Windows Systems!! Always! Update daily the Virus Scanners and Windows Patches! Disable and CLOSE Ports you never need! SMB Protocol is a open unencrypted Transfer Protocol! Use a second Router with Firewall behind your ISP Router or Modem! (openwrt, pfsense) Check with nmap Portscanner Tool the taken Rules and check if the work! For Network Access use ALWAYS SFTP with Authentification over KEYs Logins (Two Factor: Key and Password for unlock the Keyfiles id_rsa) For […]
Linux Console: SSH Echo Last User LOGIN Info
If you use SSH Logins to your Systems, you perhaps want to know, who logged in last days and from which IP Address. Screenshot SSH Login Echo LAST Info: Howto: Open the .profile File at your Home with a Editor and enter: clear last -n 4 This will echo after login the last 4 Logins including the used IP’s To prevent Hackers to purge the lines set the .profile File “readonly” sudo chmod 444 .profile sudo chown root:root .profile
Android Browser: GNU IceCat the better Android Browser for you?
If you use Android on your Tablet or Phone, and you like to get back more privacy and security you should take a closer look at the GNU IceCat Android Browser: Source: https://ftp.gnu.org/gnu/icecat/38.6.0/ (Outside of Play Store) IceCat need NO Google Account and does not call home, install it and try it. I don’t wanne miss IceCat on my Cellphones Handling is same like Firefox, cause it’s based on Firefox Framework, but offers more user access.