Someone is pulling emergency brakes on subways

New York is facing an unusual incarnation of Denial of Service, in this case against public transport. Just like on the web, that's extremely annoying, and in this case it has a real impact on people's lives. From the article:

“The reports caused major disruption,” says Wikipedia, “affecting approximately 140,000 passengers and 1,000 flights.”

Source: Asymmetric warfare: someone is pulling emergency brakes on NYC subway cars / Boing Boing

The state of the state trojan.

Over a period of 5 years, the BND is using a budget of 4 million euros to buy up general security vulnerabilities on the free, but black, market. The aim is, of course, to exploit them for deploying state trojans. According to Mr. Mayer, the BND uses this information only in a targeted manner for law enforcement, but in doing so ignores the fact that the security vulnerability continues to exist on potentially millions of devices. There is really not much to add to that.

CSU State Secretary Stephan Mayer does not understand the technology of state trojans at all – or he is misleading the public with untruths. On “Maybrit Illner”, at any rate, the politician did not cut a good figure.

Source: Interior State Secretary Mayer embarrasses himself with statements on the state trojan – netzpolitik.org

#Hackerangriffe (hacker attacks)

Because it is currently being hotly discussed in all the media: a few small tips on how to guard a little against the worst problems on the Internet and limit potential damage in advance. Wikipedia on the incidents.


PC and phone
Install all system updates promptly
Use the privacy options on all devices
Strictly limit the permissions of apps on phones and tablets (contacts, camera, location, microphone etc.)…

E-mail
Turn off HTML e-mail, turn off loading of external content in e-mails, be careful with e-mail attachments
If possible, use a different e-mail account for communication than the one used for (account) registration, because of password recovery.

Passwords
Use hard-to-guess passwords & use a separate one for each service
Use 2-factor authentication where possible.

Social
Never disclose login data, not even by phone
Delete your Facebook account, and in addition:
Never use Login with Google/Facebook/Twitter etc.
Turn off location sharing everywhere
Never allow phone book sync for social media at any time
Better to delete highly private data (chat history, pictures)

Data
Turn on hard disk encryption
For chat communication, use only encrypted messengers, e.g. Signal or Threema
For e-mail: encrypt with S/MIME or GPG…
Encrypt backups

Image by Nasir Khan, CC-BY-SA2.0

Security Planner – Improve your online safety with tools for your needs.

The Citizen Lab, an “interdisciplinary laboratory based at the Munk School of Global Affairs, University of Toronto, focusing on research, development, and high-level strategic policy and legal engagement at the intersection of information and communication technologies, human rights, and global security”, released “Security Planner” early last week. Security Planner is a tool that guides everybody through their Internet usage habits with only a few simple questions:

Answer a few simple questions to get personalized recommendations of free and open-source software. It’s confidential — no personal information is stored, and we won’t access any of your online accounts.

With this information, it provides simple steps and personalized safety recommendations to follow to improve an individual's privacy online. The recommendations are based on free and open-source projects and best practices, aiming to raise awareness and help people maintain better privacy.

Source: Security Planner – Improve your online safety with tools for your needs.

Smart TV Security

So, this is the future of security with smart devices.

Samsung has confirmed that its “smart TV” sets are listening to customers’ every word, and the company is warning customers not to speak about personal information while near the TV sets. The company revealed that the voice activation feature on its smart TVs will capture all nearby conversations. The TV sets can share the information, including sensitive data, with Samsung as well as third-party services. The news comes after Shane Harris at The Daily Beast pointed out a troubling line in Samsung’s privacy policy: “Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party.” Samsung has now issued a new statement clarifying how the voice activation feature works. “If a consumer consents and uses the voice recognition feature, voice data is provided to a third party during a requested voice command search,” Samsung said in a statement. “At that time, the voice data is sent to a server, which searches for the requested content then returns the desired content to the TV.” The company added that it does not retain or sell the voice data, but it didn’t name the third party that translates users’ speech. Update, Feb. 10: Samsung has updated its policy and named the third party in question, Nuance Communications, Inc. Meghan DeMaria

via: Samsung warns customers not to discuss personal information in front of smart TVs

Docker 1.10

Docker announced version 1.10 last week. The new release contains more than 100 improvements over the previous version. New features include better resource management, a more flexible docker-compose file format and improvements to security. The security improvements come in particular from user namespace isolation, seccomp support for syscall filtering, and an authorization plugin to restrict access to Docker Engine features.

We’re pleased to announce Docker 1.10, jam-packed with stuff you’ve been asking for. It’s now much easier to define and run complex distributed apps with Docker Compose. The power that Compose brou…

via: Docker Blog
Release notes.