Category: Security Infos

Nextcloud Owncloud Opensource Risk’s

If you are current using Nextcloud / Owncloud or other PHP-Kits for File Handling you should know these remarks: Based on this Article You must know: Details of Security about your current used PHP Versions (7.X) Details of your used Database Version (MySQL..) Details of hardened OS and Webserver Version (Apache,Firewall,fail2ban,file policys, selinux, apparmor filter) See ALWAYS PHP-Kits of opensource with the trust of NON HARDENED SOFTWARE (prefer NON-PUBLIC ACCESS) You can ACCESS this Software thru SSH TUNNELS with a local running non-caching PROXY (privoxy) Use the SSH Tunnels on unknown Ports and Login via Key Files which must be […]

Ubuntu 16.04 Compiz Hang Kernel

After Ubuntu published the latest Kernel Patches for Meltdown and Spectre the Kernel 4.4.0-104/109-generic let Intel Graphics freeze or hang on Compiz with Unity. Howto fix: Install the latest Kernel 4.4.0-112-generic do: sudo apt-get install linux-image-4.4.0-112-generic sudo apt-get install linux-image-extra-4.4.0-112-generic reboot then: sudo apt-get autoremove –purge -y This removes older kernels and save Space! Do test the PC for hanging again!!!

Meltdown Spectre VM Hosting

Thru current IT News you may have heard about the major Security Problem of x86 Technology. If your Websites current hosted on VM at VM Providers, contact them to get current news about their bug handling of their VM Host Servers. If you get no details, then shutdown your sites temporarily, or look for a other solution which isn’t running on x86 Technology. Otherwise you can try to switch from php-kits to static HTML Websites. On the Net there are very helpful tools to do this easy. For WordPress is a WP to HTML Plugin available. This dumps your blog […]

Debian: without sytemd

If you run Debian Servers, you read last weeks about security problems of systemd service manager. On several tests i have seen much systems having problems on service starts on boot like on debian, raspian .. This is a result of not clean redesigned scripts of the services by the Maintainers like the Proxy Server “privoxy” Package… For Tests i decided to try the new Debian Fork Replacement DEVUAN  for Desktop and a standard Debian Server Setup without systemd! Howto purge Systemd on a Debian System read this external Wiki: http://without-systemd.org/wiki/index.php/How_to_remove_systemd_from_a_Debian_jessie/sid_installation or try Devuan for Server and Desktop: https://devuan.org/ Remark: […]

Security: Disable USB Drive mount for Users

If you share your Systems and you want to disable USB Drive connects there is a small solution. By default the gvfs Service handle all automounts and drive scans. On old Linux Systems you could purge the complete gvfsd “Backend” but Ubuntu-Desktop forces some pakets to the default Desktop Package! If you purge it the working Desktop can be destroyed! It’s easier to disable the “USB Drivers” called Modules from load on Start! Cause Rules are “Software” and can FAIL unknown!! Howto? Edit the /etc/modprobe.d/blacklist.conf and add: blacklist usb_storage blacklist uas Update initramfs (Kernel Image) update-initramfs -u -k all reboot […]

Security: Isolated Browser eMail Programs

If you want to be more secure, on Linux you can isolate used programs on different Users! All you need is installed by default! Howto: Add a new User for eMail and Browser to the System with: $sudo adduser mailuser $sudo adduser webuser now install if not installed by default “gksu” User Switch $sudo apt-get install gksu copy now the default App Links to webuser’s Home Desktop, for mailuser enter mailuser’s name $cp /usr/share/applications/firefox-esr.desktop /home/webuser/Desktop/firefox-esr.desktop edit the firefox-esr.desktop by right click on nautilus or a editor and change command line: old: /usr/lib/firefox-esr/firefox-esr %u to: gksu -u webuser -w "/usr/lib/firefox-esr/firefox-esr %u" […]

Security: Protection Against Cryptware Wannacry

You heard perhaps last day’s about the major problems of Attacks to Systems with the “WannaCry” Crypto Ware Howto protect yourself? Enable the Firewall on Windows Systems!! Always! Update daily the Virus Scanners and Windows Patches! Disable and CLOSE Ports you never need! SMB Protocol is a open unencrypted Transfer Protocol! Use a second Router with Firewall behind your ISP Router or Modem! (openwrt, pfsense) Check with nmap Portscanner Tool the taken Rules and check if the work! For Network Access use ALWAYS SFTP with Authentification over KEYs Logins (Two Factor: Key and Password for unlock the Keyfiles id_rsa) For […]

Android Browser: GNU IceCat the better Android Browser for you?

If you use Android on your Tablet or Phone, and you like to get back more privacy and security you should take a closer look at the GNU IceCat Android Browser: Source: https://ftp.gnu.org/gnu/icecat/38.6.0/ (Outside of Play Store) IceCat need NO Google Account and does not call home, install it and try it. I don’t wanne miss IceCat on my Cellphones Handling is same like Firefox, cause it’s based on Firefox Framework, but offers more user access.

Android: Get back Privacy and Security

If you use a Android Smartphone (other Mobile-OS same) you should take a minute to get back your privacy and security! This points helps to prevent, but there is no warranty for 100% protection! First every Smartphone offers a Factory Reset, search it on Settings and DO it! This prevent you from Firmware Spam by the Reseller! (Samsung, HTC..) Boot the Phone without inserting a SIM card, create a fake account to get Updates and Software over a PUBLIC WIFI Network (Coffee Shop, Freifunk) Install wanted Apps, then go to Settings now to accounts, PURGE the fake account. Disable / […]

Apache: Analyse Logs Spam Bots

If you admin a Apache Webserver, you see often weekly thousand of visits a day on your Blogs. Background: These are no real users, this visits are made by Spam Bots in my Logs like Xovi.de or xovibot.net Bots! On info pages this Company says Admins should disallow crawl by robots.txt, but they IGNORE the settings! This x-guys is in my opinion against German Law “Datenschutz”. "Mozilla/5.0 (compatible; XoviBot/2.0; +http://www.xovibot.net/)" Solution: On Linux Setup a Firewall like ufw and block these IP Ranges To find out the IPs do: $sudo cat /var/log/apache2/access.log|grep xovibot.net| awk '{ print $2 }' | sort | […]

WordPress: Secure Faster Effective Blogging

If you use WordPress or a other CMS for daily blogging, it’s useful to have a own User Acount on a PC. Advantages: Own Browser for Blogging with saved Passwords Own Link Bar for quick switching between the Social Media Platforms You won’t need to open Security Holes like API Software Interfaces for used Plugins Speeds up the WordPress Blog cause reduced Plugin loads You have the full control. cause most free API Plugins save your Passwords on foreign Servers One touch Bookmarks let you jump fast between the Social Media Platforms No Data are automatic transfered without your knowledge […]