(10 Dec 2019)
אני מודה ל @noamr ו- @GilBahat על ה-peer review
Archiv: flaws / loopholes / vulnerabilities / backdoors (technics) / Schwachstellen / Schlupflöcher / Sicherheitslücken / Hintertüren (Technik)
> וודאו שיש לכם TLS 1.3 או TLS 1.2 תחת הסעיף Protocols. עדיף שלא יהיה לכם TLS 1.0\1.1 בכלל. מספר השרתים הפגיעים בישראל: 100,000+ לא פשוט לכתוב אייטם כזה לאנשים לא מקצועיים, אבל הוא חשוב והתפרסם ב @Haaretz
(10 Dec 2019)
אני מודה ל @noamr ו- @GilBahat על ה-peer review
Die 5 großen DNS-Angriffe und wie man sie abwehrt
(9. März 2022)
Die Aufgabe des DNS besteht darin, den Begriff, den Sie in ein Suchfeld eingeben (den so genannten menschenlesbaren Namen), in die entsprechende Zahlenfolge (IP-Adresse) zu übersetzen, die Ihr Gerät benötigt, um auf eine Website zuzugreifen oder eine E-Mail zu senden. Angriffe auf diese unverzichtbaren Systeme können sehr schädlich sein.
Siemens und der BND: Ehemalige Manager packen aus
(12.04.2008)
Siemens lieferte Abhörtechnik für Geheimdienste in aller Welt, nach Russland, Ägypten, oder Oman. Der Konzern kann sich zur Fehleranalyse in jede große Vermittlungsanlage einwählen, die das Unternehmen geliefert hat. Das legt den Verdacht nahe, der BND habe sich Zugang zu diesen Einwahlschlüsseln verschaffen wollen.
Für den Nachrichtendienst war Siemens auch deshalb interessant, weil Ingenieure des Konzerns beim Bau von Telefonanlagen Räume zu sehen bekommen, die auch einem US-Spionagesatellit verschlossen sind, …
Operation Rubicon
Operation Rubicon (German: Operation Rubikon), until the late 1980s called Operation Thesaurus, was a secret operation by the West German Federal Intelligence Service (BND) and the U.S. Central Intelligence Agency (CIA), lasting from 1970 to 1993 and 2018, respectively, to gather communication intelligence of encrypted government communications of other countries.[1][2] This was accomplished through the sale of manipulated encryption technology (CX-52) from Swiss-based Crypto AG, which was secretly owned and influenced by the two services from 1970 onwards.[1] In a comprehensive CIA historical account of the operation leaked in early 2020, it was referred to as the „intelligence coup of the century“ in a Washington Post article.
Streng geheim! Cryptoleaks. Die große BND und CIA Spionage | ZDFinfo Doku
(Aug 29, 2020)
Jahrzehntelang belauschten BND und CIA die verschlüsselte Kommunikation von über 100 Staaten. Die Operation „Rubikon“ wurde bis heute geheim gehalten. Sie gilt als größter Erfolg des BND.
Opfer des Lauschangriffs waren arabische und südamerikanische Länder, aber auch NATO-Partner. Sie vertrauten der Krypto-Technik des schweizerischen Herstellers Crypto AG – und wurden betrogen.
simplewall
Features
– Simple interface without annoying pop ups
– Rules editor (create your own rules)
– Internal blocklist (block Windows spy / telemetry)
> וודאו שיש לכם TLS 1.3 או TLS 1.2 תחת הסעיף Protocols. עדיף שלא יהיה לכם TLS 1.0\1.1 בכלל. מספר השרתים הפגיעים בישראל: 100,000+ לא פשוט לכתוב אייטם כזה לאנשים לא מקצועיים, אבל הוא חשוב והתפרסם ב @Haaretz
(10 Dec 2019)
אני מודה ל @noamr ו- @GilBahat על ה-peer review
DNS Server Settings: What are they & which is the best DNS server?
(25th August 2023)
While DoH uses the HTTPS infrastructure to encapsulate DNS queries, DNS-over-TLS focuses on utilising the secure TLS protocol directly.
Attackers target the Domain Name System, the internet’s phone book. Here’s how to fight back
(July 14 2023)
DNS over HTTPS, or DoH, and DNS over TLS send these requests over the UDP transport layer, again using encryption. This prevents man-in-the-middle tampering that could be done with unprotected DNS conversations. The TLS version skips the application-layer protocols, which helps hide this traffic even further and offers a slight performance boost as a result.
DNS Server Settings: What are they & which is the best DNS server?
(25th August 2023)
While DoH uses the HTTPS infrastructure to encapsulate DNS queries, DNS-over-TLS focuses on utilising the secure TLS protocol directly.
Attackers target the Domain Name System, the internet’s phone book. Here’s how to fight back
(July 14 2023)
DNS over HTTPS, or DoH, and DNS over TLS send these requests over the UDP transport layer, again using encryption. This prevents man-in-the-middle tampering that could be done with unprotected DNS conversations. The TLS version skips the application-layer protocols, which helps hide this traffic even further and offers a slight performance boost as a result.
simplewall
Features
– Simple interface without annoying pop ups
– Rules editor (create your own rules)
– Internal blocklist (block Windows spy / telemetry)
Homeland Security report details how teen hackers exploited security weaknesses in some of the world’s biggest companies
(August 10, 2023)
Staffed by senior US cybersecurity officials and executives at major technology firms like Google, the board does not have regulatory authority, but its recommendations could shape legislation in Congress and future directives from federal agencies.
> וודאו שיש לכם TLS 1.3 או TLS 1.2 תחת הסעיף Protocols. עדיף שלא יהיה לכם TLS 1.0\1.1 בכלל. מספר השרתים הפגיעים בישראל: 100,000+ לא פשוט לכתוב אייטם כזה לאנשים לא מקצועיים, אבל הוא חשוב והתפרסם ב @Haaretz
(10 Dec 2019)
אני מודה ל @noamr ו- @GilBahat על ה-peer review
UK Introduces Mass Surveillance With Online Safety Bill
(30.03.2023)
The anomaly is that if the government can access the content, criminals and foreign governments will almost certainly be able to use the same backdoor. (…)
This law will already affect US firms. The real danger is its arguments may spread like a contagion to be used by other governments.
simplewall
Features
– Simple interface without annoying pop ups
– Rules editor (create your own rules)
– Internal blocklist (block Windows spy / telemetry)
EU erhielt die zwölfte Cybersicherheitsorganisation
(04.07.2021)
Ein aktuelles, schlagendes Beispiel dafür ist die Neufassung der deutschen Cybersicherheitsstrategie. In Deutschland ist es Teil dieser Strategie, gewisse neuentdeckte Software-Sicherheitslücken für Polizei – und Geheimdienste offenzuhalten, die deutsche Cyberbehörde ZiTis soll die zugehörige Trojaner-Schadsoftware für mehrere Dutzend deutsche Bundes- Landesbehörden entwickeln.
Mozilla Firefox Privacy and Security (about:config)
(Jun 16, 2021)
1.SSL configuration for Secure Browsing, disable weak Cipher Suites.
Enable Forward Secrecy
security.ssl3.rsa_aes_128_gcm_sha256 -> False
security.ssl3.rsa_aes_256_gcm_sha384 -> False
security.ssl3.ecdhe_ecdsa_aes_128_sha -> False
security.ssl3.ecdhe_rsa_aes_128_sha -> False
security.ssl3.rsa_aes_128_sha -> False
security.ssl3.rsa_des_ede3_sha -> False
security.ssl3.ecdhe_ecdsa_aes_256_sha -> False
security.ssl3.ecdhe_rsa_aes_256_sha -> False
security.ssl3.rsa_aes_256_sha -> False
………………..
SSL Report: mozilla.org
Protocols:
TLS 1.3 Yes
TLS 1.2 Yes*
TLS 1.1 Yes
TLS 1.0 Yes*
(…)
Server hostname ec2-44-235-246-155.us-west-2.compute.amazonaws.com
> וודאו שיש לכם TLS 1.3 או TLS 1.2 תחת הסעיף Protocols. עדיף שלא יהיה לכם TLS 1.0\1.1 בכלל. מספר השרתים הפגיעים בישראל: 100,000+ לא פשוט לכתוב אייטם כזה לאנשים לא מקצועיים, אבל הוא חשוב והתפרסם ב @Haaretz
(10 Dec 2019)
אני מודה ל @noamr ו- @GilBahat על ה-peer review
SSL Report: haaretz.com
Protocols:
TLS 1.3 No
SSL Report: eff.org
Protocols:
TLS 1.3 No
ETS Isn‘t TLS and You Shouldn‘t Use It
(February 26, 2019)
The good news: TLS 1.3 is available, and the protocol, which powers HTTPS and many other encrypted communications, is better and more secure than its predecessors (including SSL).
The bad news: Thanks to a financial industry group called BITS, there’s a look-alike protocol brewing called ETS (or eTLS) that intentionally disables important security measures in TLS 1.3. If someone suggests that you should deploy ETS instead of TLS 1.3, they are selling you snake oil and you should run in the other direction as fast as you can.
> וודאו שיש לכם TLS 1.3 או TLS 1.2 תחת הסעיף Protocols. עדיף שלא יהיה לכם TLS 1.0\1.1 בכלל. מספר השרתים הפגיעים בישראל: 100,000+ לא פשוט לכתוב אייטם כזה לאנשים לא מקצועיים, אבל הוא חשוב והתפרסם ב @Haaretz
(10 Dec 2019)
אני מודה ל @noamr ו- @GilBahat על ה-peer review
simplewall
Features
– Simple interface without annoying pop ups
– Rules editor (create your own rules)
– Internal blocklist (block Windows spy / telemetry)
> וודאו שיש לכם TLS 1.3 או TLS 1.2 תחת הסעיף Protocols. עדיף שלא יהיה לכם TLS 1.0\1.1 בכלל. מספר השרתים הפגיעים בישראל: 100,000+ לא פשוט לכתוב אייטם כזה לאנשים לא מקצועיים, אבל הוא חשוב והתפרסם ב @Haaretz
(10 Dec 2019)
אני מודה ל @noamr ו- @GilBahat על ה-peer review
> וודאו שיש לכם TLS 1.3 או TLS 1.2 תחת הסעיף Protocols. עדיף שלא יהיה לכם TLS 1.0\1.1 בכלל. מספר השרתים הפגיעים בישראל: 100,000+ לא פשוט לכתוב אייטם כזה לאנשים לא מקצועיים, אבל הוא חשוב והתפרסם ב @Haaretz
(10 Dec 2019)
אני מודה ל @noamr ו- @GilBahat על ה-peer review
simplewall
Features
– Simple interface without annoying pop ups
– Rules editor (create your own rules)
– Internal blocklist (block Windows spy / telemetry)
What is DNS over TLS? Everything you need to know
(October 25, 2017)
DNS over TLS keeps Internet Service Providers (ISPs) from spying on users.
Ich hab die IP-Adresse? Das war ja einfach!
(09.02.2023)
Dazu ein Beispiel der Datenexfiltration. Über die DNS-Protokolle können kleine Datenpakete unerkannt aus dem Unternehmensnetzwerk herausgeschmuggelt werden. Dazu zerlegt die Malware die Daten in kleinste Bruchstücke, verschlüsselt sie und sendet diese unkenntlich gemachten Datenschnipsel mit jeder Anfrage zu der von den Angreifern registrierten Domain. Dort müssen die Fragmente, die beispielsweise sensible Informationen wie personenbezogene Daten enthalten, nur noch zusammengesetzt werden und schon haben sie das Unternehmen verlassen.
Signal would ‚walk‘ from UK if Online Safety Bill undermined encryption
(24.02.2023)
Critics say companies could be required by Ofcom to scan messages on encrypted apps for child sexual abuse material or terrorism content under the new law.
This has worried firms whose business is enabling private, secure communication.
Element, a UK company whose customers include the Ministry of Defence, told the BBC the plan would cost it clients.
The end of end-to-end encryption: how the Online Safety Bill threatens your right to privacy
24 years ago, the Human Rights Act was passed and the right to privacy was declared a fundamental right in the UK. Today, in times of rapidly expanding online public spheres, this human right is under grave threat.
Something fundamental is at stake: our ability to hold private conversations.
A combined total of about 47 million people in the UK use messaging apps like Whatsapp and Signal. It is clear that the UK is online and connected. However, the privacy of our online conversations is under threat. So who is trying to undermine our ability to speak without large corporations and governments snooping on our conversations and why?
Enter the Online Safety Bill…
Online Safety Bill in Großbritannien: Threema lässt es auf Rausschmiss ankommen
Der Messenger Threema beteiligt sich nicht am von WhatsApp und Signal angekündigten „Walk-Out“ aus Großbritannien wegen des geplanten Überwachungsgesetzes. Den Anforderungen des „Online Safety Bills“ wird das Schweizer Unternehmen allerdings auch nicht nachkommen.
ZITiS baut Supercomputer zur Entschlüsselung
(16.10.2018)
Dieser Supercomputer hat „höchste Priorität“ für die ZITiS-Abnehmer Verfassungsschutz, Bundeskriminalamt und Bundespolizei.
Vor zwei Wochen wurde bekannt, dass ZITiS auch einen Quantencomputer einsetzen will. Ob Supercomputer und Quantencomputer verschiedene Projekte sind, will ZITiS auf Anfrage nicht verraten:
IBM now has 18 quantum computers in its fleet of weird machines
(May 6, 2020)
Eighteen quantum computers might not sound like a lot. But given that each one is an unwieldy device chilled within a fraction of a degree above absolute zero and operated by Ph.D. researchers, it‘s actually a pretty large fleet. In comparison, Google‘s quantum computers lab near Santa Barbara, California, has only five machines, and Honeywell only has six quantum computers.
How Quantum Computer Could Break 2,048-Bit RSA Encryption in 8 Hours
(June 5, 2019)
Google‘s Craig Gidney and KTH‘s Martin Ekera demonstrated that a quantum system could crack 2,048-bit RSA encryption with just 20 million quantum bits (qubits), rather than requiring 1 billion qubits as previously theorized, in only eight hours with this technique.
The technique uses modular exponentiation, a mathematical process for finding the remainder when a number is raised to a certain power and divided by another number.
Gidney and Ekera have formulated various ways to optimize this process, reducing the resources required to run the large-number-factoring Shor‘s algorithm.
Data Protection Cyber Insights 2023 | Quantum Computing and the Coming Cryptopocalypse
(February 2, 2023)
The one thing we can say with certainty is that it definitely won’t happen in 2023 – probably. That probably comes from not knowing for certain what stage in the journey to quantum computing has been achieved by foreign nations or their intelligence agencies – and they’re not likely to tell us. Nevertheless, it is assumed that nobody yet has a quantum computer powerful enough to run Shor’s algorithm and crack PKI encryption in a meaningful timeframe.
Does the certificate offer a SHA-2 signature?
(Jan 2016)
Osiris
Community leader
Let’s Encrypt uses SHA-256 hashe in it’s certificates and SHA-256 is one of the SHA-2 hash family variants