Category: Security Infos

Android Hidden Location Tracker

If you use a Android device google can track you via scanned and known wifi Networks without any connection! Android scans your area, shops, stores for public wifi networks, via LTE / GSM the OS verify the Data online at Google. As Result Google Maps sends you Popups to VOTE the last visited Places at Google Maps. That’s all WITHOUT GPS and WIFI connected only LTE/GSM ! Purge Google Account! (disconnect!) and disable all unwanted Google Apps especially Uploaders (Backups) then go Android Settings -> Wifi -> Advanced Wifi Settings! Disable the “local wifi scan” option switch at Android! Remark: […]

Apache MEMCACHED UDP Protection

Current a lot of sites blogging about memcached attacks on Servers here some details: Memcached Servers need a installed and running Service called “memcached” Websites need a php-plugin like php7.0-memcached to connect via API to the memcached Service The Memcached Service uses a own Config File at debian /etc/memcached.conf By default it MUST listen to localhost or socket Admins MUST setup a FIREWALL like “ufw” (iptables) and MUST check own Server for OPEN PORTS with nmap The Problem is that Attackers can run Scripts against to your Server in a 10^6 Range like a BOTNET !! with ONE PC cause […]

ENFORCE Google to DuckDuckgo SEARCH

If you want to enforce the use of DuckDuckgo.com instead of google.com do: Edit at the PC the “hosts” File on: Linux /etc/hosts Windows C:\Windows\System32\drivers\etc insert at last: 54.229.105.92 google.com #ip of duckduckgo or 176.34.131.233 54.229.105.203 google.com #ip of duckduckgo 176.34.131.233 bing.com #ip of duckduckgo or 176.34.131.233 176.34.131.233 yahoo.com #ip of duckduckgo or 176.34.131.233 ..reboot and test on a Browser Session after google.com you see duckduckgo.com Remark: Most DSL Routers do offer the edit of the hosts File too, do same there and ALL devices redirected! Don’t forget to reboot! This Solution works only on IPv4 Networks, to enforce the […]

Nextcloud Owncloud Opensource Risk’s

If you are current using Nextcloud / Owncloud or other PHP-Kits for File Handling you should know these remarks: Based on this Article You must know: Details of Security about your current used PHP Versions (7.X) Details of your used Database Version (MySQL..) Details of hardened OS and Webserver Version (Apache,Firewall,fail2ban,file policys, selinux, apparmor filter) See ALWAYS PHP-Kits of opensource with the trust of NON HARDENED SOFTWARE (prefer NON-PUBLIC ACCESS) You can ACCESS this Software thru SSH TUNNELS with a local running non-caching PROXY (privoxy) Use the SSH Tunnels on unknown Ports and Login via Key Files which must be […]

Ubuntu 16.04 Compiz Hang Kernel

After Ubuntu published the latest Kernel Patches for Meltdown and Spectre the Kernel 4.4.0-104/109-generic let Intel Graphics freeze or hang on Compiz with Unity. Howto fix: Install the latest Kernel 4.4.0-112-generic do: sudo apt-get install linux-image-4.4.0-112-generic sudo apt-get install linux-image-extra-4.4.0-112-generic reboot then: sudo apt-get autoremove –purge -y This removes older kernels and save Space! Do test the PC for hanging again!!!