
September 23 2014

Heise's headline today says Microsoft has broken up its security team ...

Heise's headline today says Microsoft has broken up its security team. I happen to be able to put in a word on this, because I worked with them fairly often. It is true that the Trustworthy Computing division is being dissolved and that some people were fired. Some people were also fired (in large US companies, layoffs work such that they try to fire a certain percentage from every department, so that in the end they can say, look, this affected everyone; genders and nationalities are then also affected in statistical proportion). What they did there in terms of substance remains, though, just organizationally as part of other departments. But that also means that they have less influence overall, which I consider a mistake. I normally don't mention this kind of thing here, but when the head of TwC tweets my name, I figured I can make an exception :-) A US colleague who was also there back at hour zero has blogged these thoughts on it, which I would like to nostalgically join. Microsoft has always gotten a lot of scorn for its software quality, but on balance they have done more for themselves and for the whole industry than all governments combined, even if you factor out the insecurity-increasing efforts of the intelligence agencies.

The security industry as a whole has certainly moved things in the last 10 years, even if it always feels like tilting at windmills. A good part of the leverage in large companies came from being able to say, look, even Microsoft managed to establish a process for this!

Now of course you can say, hey, Microsoft still has critical bugs in its code. They still have to do a patch day once a month, and there are terrible things in there again and again. True. But with Microsoft we at least know that they look for bugs in their own code themselves and actively try to eradicate them. With others we know that they wait for someone from outside to report bugs, and then they fix them, maybe.

Reposted from fefe

January 05 2012

02mydafsoup-01

Junge Welt: counterstatement regarding the accusation of failing to protect an informant as a source

A counterstatement from Junge Welt on the matter in question (see @Fefe Soup.io) has meanwhile been put online.

-----------------

via Medienmagazin.net auf Diaspora* -   https://joindiaspora.com/posts/1137796

October 21 2011

02mydafsoup-01

Via Diaspora* - The little girl hit by vehicles, whose fate outraged #Chine, has died


Taken from a reader's comment:

// I live in China myself (Shanghai) and this event did not surprise me at all... My partner and I were ourselves nearly run over once by a brainless reckless driver. More than once, in fact... I had tried to stop him and to get the police to come so that he would be fined or punished in some way, but no, the police told me they could do nothing since he had not killed me... The generation of spoiled, rich kids who now have cars has absolutely no respect for pedestrians, who are for them of a lower social class, so their lives matter little. The current situation in China is sad, yes, that is the right word for it... //



cf. in EN - Global Voices 2011-10-17 at oAnth - soup.io

October 03 2011

02mydafsoup-01

hackerhub


Hackerhub enables you to publish content online, but unlike other platforms we don't want to know anything about you. There is no registration at all, just your content, under your control.
Hackerhub caches* and distributes content - that's it.

September 26 2011

02mydafsoup-01
BrowserID Demo - Mozilla All Hands - 2011 Q3



BrowserID demo during the keynote for the Mozilla 2011Q3 All Hands, with about 600 people in attendance. For more information, check out the Mozilla Identity blog, at: http://identity.mozilla.com/

---------------------------------------------------

Blog site of Mozilla Identity:

http://identity.mozilla.com/

cf. Blog entry from 2011-08-11:

// Mozilla Labs designed the BrowserID experiment to increase user convenience and safety online. Using Mozilla’s Privacy & Data Operating Principles as guidelines, we built a system that seeks to maximize user privacy and control by shrinking the user-data minefield, disclosing information to sites only on a need-to-know basis, employing a model that is intuitive and users understand, and limiting tracking of browsing behavior while also enabling pseudonymity online. For more information, be sure to check out our blog post about privacy and BrowserID, as well as the BrowserID homepage. //

September 07 2011

02mydafsoup-01

Fefe's blog - 2011-09-07 - Certificates - CAs - GlobalSign

[l] The SSL CA apocalypse continues. The alleged Diginotar hacker has been showing off, claiming he still has four other CAs under his control, and explicitly names GlobalSign.

And today: GlobalSign pulls the emergency brake, halts certificate sales, starts a monster audit.

So we have now reached the point where you can shut down CAs with Pastebin :-)


September 05 2011

02mydafsoup-01
[...]

I know users of CyanogenMod in Iran who are directly impacted by this compromise of DigiNotar. Additionally, they use the GSM network and it is possible to set the clocks of GSM phones - so certificates that have been issued are not valid only during some window of time - the attackers literally control time. The attackers here have all of the cards and only by removing the trust in DigiNotar *at the root* will help those users to stay secure

[End of the full text version]
DigiNotar fully compromised - CyanogenMod Android ROM - Google Project Hosting | Issue 4266 - cyanogenmod - 2011-09-03
Reposted by iranelection

September 02 2011

02mydafsoup-01

August 29 2011

02mydafsoup-01

[...]

(L)egal identity needs to be administrated in the online domain (which, contrary to what NSTIC and others seem to think, is not demonstrably proven), it remains that without the protections outlined in the “dotrights” campaign, the NSTIC effort is an incredibly dangerous movement for state managed identity as well as for citizens/consumers and their rights/interests. But don’t take my word for it, consider carefully the wording and implications of Mr. Messina:

“The last thing that I’ll add — which itself is controversial — is that this whole system, at least at the outset, will be voluntary and opt-in,” Messina says. “That means that if you don’t want the convenience of not having to use passwords anymore, you won’t have to. If you’re okay rotating your passwords and maintaining numerous discreet accounts across the web, that’s cool too. I don’t think a mandatory system would succeed — at least not without proving its security, stability, convenience, and utility over several years.”

I would point out that the current efforts by Google are, in fact, “entirely voluntary and opt-in”.

I would also point out that they have made it exceedingly clear that they are being driven by a yet-unexplained motivation that makes taking a “don’t like it, leave” stance attractive for Google.

I would further point out that Google’s CEO Schmidt himself stated that (paraphrasing), “Google+ is an identity service”; this is also supported by Google’s own site.

My assertions and conclusions at this point are, I think, things that you will find utterly logical:

  1. Google intends to be one (the first? the premiere? the only?) identity service for the USA.
  2. Google intends that their existing hold over users (adoption of services and products and related entrenchment thereto) be the weight brought to bear that ensures adoption rather than abandonment.
  3. Google intends that their ability to demonstrate adoption will allow them to leverage themselves, if not into the position of sole provider, then into a position of an elite few.
  4. Google intends to lobby and support our government in reaching a point of transition at which this “entirely voluntary and opt-in” identity service may become a mandatory one.
  5. Google is counting on YOUR continued use and willingness to adopt and endure any change they make to accomplish this.

Seem far fetched? Why? Messina is obviously thinking about it, the NSTIC is as well, thus Google, our Government, and who knows who else are thinking about it, too. Look at this and understand: There is not that much distance at all between Messina’s statements and the above assertions and conclusions and, frankly, that distance will close rapidly if Google is right about consumer apathy and passive adoption.

[...]


The NSTIC, you, and me (and Google?)… | BonnieNadri.Com - 2011-08-29

August 22 2011

02mydafsoup-01
via Diaspora* - graphics & icon support from a community member

Registration at Diaspora* - a decentralized social media platform - is meanwhile unlimited - no real name obligation, like in G+ and Fb !
https://joindiaspora.com
or have a look to this list of Diaspora* pods to choose whatever pod you want to join as your registration server.

oAnth's Diaspora handle: 02mydiaspo01@joindiaspora.com |
oAnth's profile: https://joindiaspora.com/people/22992

For French speaking users: follow the hash tag #French;
for German speaking users: to start, follow for instance #jul14 or #German ;
for English speaking users: you may try #English (not useful); it's in general for you much easier; many conversations are by necessity in English -

 generally it's easy, once you are registered:
you will have no problems to build up your contacts and to figure out their specific nationalities and interests (profiles);

August 20 2011

02mydafsoup-01

Why Net Censorship in Times of Political Unrest Results in More Violent Uprisings: A Social Simulation Experiment on the UK Riots by Antonio Casilli, Paola Tubaro :: SSRN | annot. by oAnth-miscellaneous 2011-08-20 at Scoop.it

Following the 2011 wave of political unrest, going from the Arab Spring to UK riots, the formation of a large consensus around Internet censorship is underway.

 

=============================

// oAnth - 2011-08-20

The link to the study is in my case blocked by a firewall.

In the German article at netzpolitik.org (see here via Twitter) you may find further links. The basic study is available as pdf (given here below).

------------------------------------------

https://twitter.com/#!/02mytwi01/status/104649085587431424

RT @netzpolitik - () Why Internet censorship leads to more violent uprisings. http://t.co/D4DV27a // #study Civil Violence Model #pdf #humsci

------------------------------------------

 

Civil Violence Model - Study by Joshua M. Epstein

- http://www.pnas.org/content/99/suppl.3/7243.full.pdf

Source: papers.ssrn.com

August 19 2011

02mydafsoup-01

Ghostery | Detect - Learn - Control


Ghostery sees the invisible web - tags, web bugs, pixels and beacons. Ghostery tracks the trackers and gives you a roll-call of the ad networks, behavioral data providers, web publishers, and other companies interested in your activity.

---------------------------

// oAnth  (added 2011-08-22)

Before you try to install Ghostery there are some aspects worth considering.
'Reviews for Ghostery'
- https://addons.mozilla.org/en-US/firefox/addon/ghostery/reviews/?page=8

I see here more advantages than risks and installed it.

Once installed, you may configure the application according to your individual privacy demands.
Reposted by cheg00

August 03 2011

02mydafsoup-01
[...]

The problem with the civility argument is that it doesn’t tell the whole story. Not only is uncivil discourse alive and well in venues with real name policies (such as Facebook), the argument willfully ignores the many voices that are silenced in the name of shutting up trolls: activists living under authoritarian regimes, whistleblowers, victims of violence, abuse, and harassment, and anyone with an unpopular or dissenting point of view that can legitimately expect to be imprisoned, beat-up, or harassed for speaking out.

[...]


via Diaspora* - https://joindiaspora.com/posts/365705
Randi Zuckerberg Runs in the Wrong Direction on Pseudonymity Online | Electronic Frontier Foundation - 2011-08-02
Reposted by krekk

August 02 2011

02mydafsoup-01
[...]

A story from a possible future: you are sitting on the subway across from an interesting person. What is his name? Where does he work? What is he interested in? You briefly hold up your smartphone, inconspicuously photograph the face of the person opposite, and after a few seconds all these details appear on your phone.

Distant future? In principle this would be technically possible very soon, say the researchers Alessandro Acquisti and Ralph Gross of Carnegie Mellon University. In several experiments the scientists have found evidence that the technology works. It is possible to identify people by software almost in real time, using photos freely available on the Internet.

Acquisti and Gross will present their preliminary research results in the coming days, among other places at the Black Hat conference, one of the most important gatherings of IT security researchers.

[...]

Image recognition: I know who you are | SPIEGEL ONLINE - Nachrichten - Netzwelt - 2011-08-02
Reposted by digitalekulturresearchbrightbyteFreeminder23SmokeyTheBeartowserkrekkentspanndich

June 09 2011

02mydafsoup-01

June 03 2011

02mydafsoup-01
[...]

Message By Lulzsec:
Our goal here is not to come across as master hackers, hence what we're about to reveal: SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities, as we should all know by now. From a single injection, we accessed EVERYTHING. Why do you put such faith in a company that allows itself to become open to these simple attacks? What's worse is that every bit of data we took wasn't encrypted. Sony stored over 1,000,000 passwords of its customers in plaintext, which means it's just a matter of taking it. This is disgraceful and insecure: they were asking for it.

[...]

--------------------------------------------------

// oAnth:

- www.wired.com/threatlevel/2011/06/sony-lulzsec/
- reflets.info/securite-sony-se-prend-une-nouvelle-claque/
- www.golem.de/1106/83932.html

The general online media output is IMHO up to now low. I guess the mainstream media are intentionally avoiding covering it as a focus in their news headlines.

encrypted.google.com/search?hl=en&q=Sony+Hacker+lulzsec&aq=f&aqi=&aql=&oq=
Sony Pictures hacked and Database Leaked by LulzSec ~ THN : The Hackers News 2011-06-02
Reposted by krekkekeliasmondkroetecheg00brightbytenerdbeere2kdatenwolfleyrer

May 30 2011

02mydafsoup-01

April 30 2011

02mydafsoup-01

April 25 2011

02mydafsoup-01
New on Herdict blog: National Science Foundation Blocks Global Voices Advocacy: Last Wednesday, Berkman Senior R... http://bit.ly/gjjXgh

---------------------------------------------------

// oAnth:

[...]


When GVA inquired NSF’s commercial filtering provider Blue Coat about the reason, they responded,

“The website has verbiage indicating how to avoid proxy filtering, which clearly violates our security policy and therefore will remain blocked.”

As a non-profit organization that tracks Internet censorship across the globe and spreads knowledge about online filtering, GVA publishes information to teach others—specifically, online activists in developing countries that place restrictions on Internet content—how to circumvent domestic Internet filtering. However, Zuckerman noted the circular reasoning of this specific incident:

“In other words, the National Science Foundation is spending taxpayer money to (ineffectively) prevent scientists from learning about a debate about ‘internet freedom’ tools the US State Department and the Broadcasting Board of Governors are spending taxpayer money to support and promote, again using taxpayer money. Is there a Federal irony department where I can lodge a complaint?”


[...]
Twitter / Herdict: New on Herdict blog: Natio ... | 2011-04-25