Tag: security

5G Mobile Network opens Pandora’s Box

5G will it make possible to attack mobile Devices and Cars 10 times faster Users will not recognize attacks or uploaded data the wider data bandwith will it make possible to attack much more efficient Remark: checkout if you really need this mobile network, cause slower is sometime safer against automated tools slower mobile network is cheaper disable mobile data if not neeeded to stay hidden and offline, calls option is still working

Goodby Smartphones

Today iam going offline with any of my Smarthones for Testing. Why? all current Smartphones based on nonfree Hard and Software less patched Hackers can remote force install Trojans as Updates (especially Stores by gov order) non rooted devices are black boxes rooted Images or Tools as Workarounds are often not published in which way the System OS is broken down, Hackers don’t work nonprofit ! Linux Laptops usage is often easier and much safer, you have full control and can run security tools to monitor Apps for free do always call home at background can’t control active background jobs […]

LEDE OPENWRT WIFI USB SETUP

Test Setup Futro S500 with USB Wifi Dongle Realtek RTL8192CU PCI Riser Card with Realtek Gigabit LEDE 17.XX Trunk Kernel 4.14 Download latest Version from openwrt.org select x86/64 extract the compressed image (*ext4*img.gz) and dump it with “dd” to CF-Card 1GB Sample for Clean Setup like TP-Link Router Firmware: You need to install this packages by “opkg update && opkg install package name && reboot”: base-files – 184-r6198-ba5f700 busybox – 1.27.2-3 dnsmasq – 2.79rc1-1 dropbear – 2017.75-5 e2fsprogs – 1.43.7-1 firewall – 2017-11-07-c4309372-2 fstools – 2018-02-11-3d239815-1 fwtool – 1 hostapd – 2017-08-24-c2d4f2eb-6 hostapd-common – 2017-08-24-c2d4f2eb-6 hostapd-utils – 2017-08-24-c2d4f2eb-6 iftop – […]

Nextcloud Owncloud Calling Home

I did a deeper firewall test on my fresh installed OpenWRT Router and activated a “Ads Blacklist” after this my owncloud Share Login loops! Result: Seems that some IP’s of the “Update Check Tool” Servers, which is installed inside the PHP-Kit is blacklisted. So it seems the Code calls home!  With this option its possible to count and collect IPs of Setups! Perhaps checkout unpatched Versions! I didn’t check deeper, but the behavior was clear without viewing the codes. After publish this Info via Twitter:   REMARKS: No Company / Developer works for “free” After Setup of PHP-Kits do a […]

Meltdown Spectre VM Hosting

Thru current IT News you may have heard about the major Security Problem of x86 Technology. If your Websites current hosted on VM at VM Providers, contact them to get current news about their bug handling of their VM Host Servers. If you get no details, then shutdown your sites temporarily, or look for a other solution which isn’t running on x86 Technology. Otherwise you can try to switch from php-kits to static HTML Websites. On the Net there are very helpful tools to do this easy. For WordPress is a WP to HTML Plugin available. This dumps your blog […]

Security: Protection Against Cryptware Wannacry

You heard perhaps last day’s about the major problems of Attacks to Systems with the “WannaCry” Crypto Ware Howto protect yourself? Enable the Firewall on Windows Systems!! Always! Update daily the Virus Scanners and Windows Patches! Disable and CLOSE Ports you never need! SMB Protocol is a open unencrypted Transfer Protocol! Use a second Router with Firewall behind your ISP Router or Modem! (openwrt, pfsense) Check with nmap Portscanner Tool the taken Rules and check if the work! For Network Access use ALWAYS SFTP with Authentification over KEYs Logins (Two Factor: Key and Password for unlock the Keyfiles id_rsa) For […]

Android: Get back Privacy and Security

If you use a Android Smartphone (other Mobile-OS same) you should take a minute to get back your privacy and security! This points helps to prevent, but there is no warranty for 100% protection! First every Smartphone offers a Factory Reset, search it on Settings and DO it! This prevent you from Firmware Spam by the Reseller! (Samsung, HTC..) Boot the Phone without inserting a SIM card, create a fake account to get Updates and Software over a PUBLIC WIFI Network (Coffee Shop, Freifunk) Install wanted Apps, then go to Settings now to accounts, PURGE the fake account. Disable / […]

Security: Harden DSL Routers and Networks against attacks

Last days there was a high count of news about the Bot Attacks against T-Com Telekom Router devices. To understand the behavior about this up comming security problems you should know following points : Every network supported device can be a goal for a attack ( Routers, Modems, PC, Fridges,IP-TV, IP Switches, IP-Cams…) You have to update the OS for each device monthly, if not supported by the manufacter, then dont buy! Try to get Opensource Hardware with Opensource Software for full access (ssh / console) to have full control Reduce the count of devices who are connected direct to […]

Facebook: Use Socialmedia without App Install Safe Battery Lifetime

If you use facebook and the facebook-messenger try to remove these apps cause they alway scan YOUR DEVICE permanent for NEW Files and watch for YOUR updated DATA. These Apps CREATE Indexes and upload this to the dark Facebook Cloud Servers.  This kills your battery capacitiy!! mostly 50% of online time!! and destroy’s your PRIVACY! and blow up your ROM at your Mobile Device Workaround: Use a small browser like builtin webview of Android or firefox Enter http://m.facebook.de to connect yourself to the fb-network This saves much energy and you are NOT permanent scanned!! Try and test it one week, i did […]

Security: Webserver HTTPS with Self Signed Certificate Do it yourself in 5 Minutes!!

Today the Point of Security and encrypted Webserver Communication is rolling over every User who hosts own Websites on the Internet. Last decades HTTPS was only used by Online Login Pages like Shops and Banks to verify the Communication between a User PC and the Website. But after January 2015 the most Search Engines like google decides to force index of Websites with HTTPS Protocol. The Background is that a TLS encrypted Connection isn’t easy to track and to force “drive-by-load-Viruses” to the Website Visitors. But a lot of Webmasters of the Opensource Community were angry about this handling. Thats […]