AVM
and what we all have to accept...
Now also our little city was switched to the VDSL network and so we were forced to get us a new router.
Due to the fact that we trust AVM the most and we never really had problems with their hardware, we decided to replace the 7170 with the 7390.
While we created our own special configuration for the Fritz!Box, we had to notice that AVM still does not supply a decent documentation and that the default configuration of the 7390 looks pretty similar to the 7170, which also lacks a strong security configuration. Read on...
__________________________________________________________________________
In the RFID - Identity Card
lays the risk of identity theft.
In April 2017 it had to be done... the "New One" was needed. The old was expired since 2013, but now I had to make a journey to another State in the EU.
I never wanted the new Identity Card because of the chip, but now I couldn't refuse anymore to get it, we also had to vote this year.
When I ordered the new Identity Card in April, the woman from the authority office told me that I can surely disable the chip, as soon as it is ready to pick up. Somehow the law has now changed and it was not allowed anymore to disable the chip, the woman said. So I got a activated RFID-Chip in my Identity Card. ***!
After I picked up this damn ****, I went to vote and later directly drove home to take care of my "New One". Microwave open, put some plastic dish in, on top the Identity Card, close door, 1400Watt, 1 sec., Go! - Nothing... Hm!
On the second run, approximately 2 sec. this time, the Identity Card flew through the microwave oven and the results you see now: Read on...
__________________________________________________________________________
ShadowBrokers NSA Hacking Toolz
are you already shivering till the next exploit comes out?
You should.. we not!
Due to the fact that we warned the public so often over the risks of NetBIOS/SMB and DCOM/RPC, we do not have to care about this threat.
The systems we administer are all secured against these kind of attacks/exploits.
Of course, these little applications from the NSA show exactly what we are warning about since years and now we all have the evidence that they exist and also were used.
It is also a fact that the whole current IT-Industry is weak against such attacks by default and that not many know how to successfully secure the IT against those attacks.
Actually the sad thing is that no one really seems to care about their IT-Security!
Read on...
__________________________________________________________________________
Your Windows credentials are at risk
Windows 10 does leak your Windows login credentials to a infected USB drive.
As we pointed out before USB does open many security flaws to your Windows computer. Now the News report that also Windows 10 does ship USB security risks like the old versions of Windows did before. Read on...
__________________________________________________________________________
Locky
did you already pay your BitCoins?
The Windows Operating-System (OS) has alot of security flaws which can be used against your IT, if you will not close them yourself. Managing all these tasks yourself is hard work to do.
Our own security software WSecure is designed to help you in a easy way to accomplish your goal.
A good example is the “Windows Script Host (WSH)” feature which Microsoft did include in all Windows versions. If you run WSecure just once, even without actually changing something, WSecure will disable WSH so it cannot harm your IT anymore. Of course you can enable it at any time through WSecure again, if you really need to. Read on...
__________________________________________________________________________
The Internet of things...
and the risks we face with it.
In the last time the News report more often about attacks on critical infrastructure like government, hospitals, economy, banks or offices.
We also get malware email every day in our inbox, where we can see packet pdf or picture files which the attacker wants us to open. Beside the fact that none of that files can harm our systems, another system would take the full risk.
More interesting are those emails that look like if another person of our own company did write us a email! Read on...
__________________________________________________________________________
BSI, Intel and AMT
a new, old story?!
At the it-sa 2015 in Germany we have visited the BSI and asked why the BSI did not report about the security risks that are included into the Intel chips, called AMT, before.
Somehow we just got strange or no answers to our questions, so this is now our statement to this weird story. Read on...
__________________________________________________________________________
CeBIT Anno 2015
We will be there!
We were announced of the CeBIT SCALE 11 project and after a short call with a responsible person from there we were infected with the idea to join in.
Now that everything is done which had to be done, we are looking forward to this big event for us in Hannover! Read on...
__________________________________________________________________________
Freedom instead of fear
we must act, if our own government is to shy for it!
Because other governments push us to fight for our human rights and our own government does not do its job, we have to stand up ourself and do what needs to be done. We encourage everyone to come to Berlin on the 14/08/30 in our capital city and join the demonstration with us. Read on...
__________________________________________________________________________
Your USB-device can ship hidden malware
do you still use USB?
We were astonished while we saw the ARD TV report Monitor #664 at 14/07/30 with Karsten Nohl from Berlin, who runs a security company too.
In the report the company G-Data agreed to plug-in a USB device to a laptop. A screenshot was directly taken and printed to the screen, without any further interaction. The report showed that the USB device can spoof itself as a keyboard, mouse or printer and therefor wasn't catched by G-Data's security solution. What a pity! Read on...
__________________________________________________________________________
The end of Windows – XP
or not?
In April 2014 Microsoft canceled the official support of Windows XP, even tho alot of users did complain against it.
Anyways, Windows XP is still in use from banks, hospitals, railroad company's and yes, even on the ISS (can be seen on the TV report of “ZDF Mittagsmagazin at 14/07/29” with the German Astronaut Alexander Gerst right in picture) in Space. Windows XP does its work there every single day. Read on...
__________________________________________________________________________
Drones for the Army and Android in your car
do we really want that ****???
Everyone who does daily watch the News like us will have noticed that the German army wants now so called drones, so they can better spy on us. Then, later on, they surely want robots like in the movie “Iron-Man I/II”, so they can sleep better and also kill more so called terrorists, humans. Read on...
__________________________________________________________________________
WSecure trials Android!
ANDROID the Google Operating-System (OS)
We have decided to put a report from us about the Android OS on our site, even tho we mainly just support IT-Security for the Windows OS. We point out, that these results reflect what we had to notice while we were working with Android.
Still, we cannot suggest our customers to use Android, because high-end security software is missing and every application on Android can easily get high permissions to everything through the manifest file which is stored inside the application itself. But of course we know that the Android OS is in use every day on millions of devices around the world. Read on...
__________________________________________________________________________
Cable-Network-Provider like Unity-Media and Kabel-Deutschland
are you customer of these company's and do you use cable-network?
Then you have a problem!
Then you have a problem!
As we reported before, the German company Unity-Media does use its own firmware for the AVM FritzBox (FB) cable. Somehow Unity-Media did disable the whole network support in the FB which means that DHCP and the Firewall can not be used anymore. It also means that all connections are not filtered by the FritzBox router and that every open port connection on a computer, laptop, smart-phone, whatever... can be discovered from the Internet and is ready to be exploited by malicious attackers.
Read on...
__________________________________________________________________________
Google, Microsoft, Apple & similar
the official try to bring back broken trust
In this article we want to point out our own statement to the letter the named company's did officially write to Mr. Barrack Obama.
It was reported that in this letter the named company's have stated that they do not want to support the espionage on their customers anymore and that it has to stop.
Actually this statement is more a way to hold their customers in a friendly position than a real try to stop the spy. Read on...
__________________________________________________________________________
Supermicro IPMI
KVM- and Media-Encryption unusable!
A customer ordered a Supermicro Server and gave it us to administer its security. This was the first time for us to work on a Supermicro and we were interested in the IPMI functionality.
We were very surprised what we had to find out and that no one else did complain to Supermicro about this bug before.
The whole encryption, while using a Remote-Desktop IPMI connection, was not working and all traffic was send unencrypted over the network.
Even when you used the switches in the GUI to enable SSL/TLS, nothing happened! Read on...
__________________________________________________________________________
Data-Spy, PRISM & the NSA
The Case: Snowden
Currently in Germany the News on TV report about the NSA and their espionage programs we all have to face.
For us it was clear that something is going on in the background but many others had no clue about it and how far it all goes.
We cannot understand why the american government started all this mess, but of course we are all terrorists which have to be watched closely and beside this the NSA does steal sensitive informations which normally underly copyrights and shares these informations with company's in the USA.
Maybe we finally have now reached a point were the mainstream of people will begin to recognize what is going on and start to protect their digital property.
At least our own government has to build clear structures for the anti-terror-laws that take place.
Unfortunately no one did care about these questions yet, so the whole EU does experience this problem now. Read on...
__________________________________________________________________________
UnityMedia customer? Attention!
Here is our statement to this!
We wanted to change our ISP and saw a commercial for the fast DSL lines from the company UnityMedia GmbH.
The router which UnityMedia does supply is a FritzBox (FB) cable and their commercial slogan was “Internet with high speed of 128 Mbit/s downstream and 10 Mbit/s upstream will be reality.”
The actual speed was around +/-80% and the 10 Mbit/s upstream was never a reality!
Neither when we ordered or later through the technician, who came to us, were we informed that the FritzBox has no full network support anymore because of the own firmware UnityMedia did use on the FB. We were pretty surprised when we saw a letter laying on our desk with a internal memo to the technician from UnityMedia, which stated the fact of no network support (firewall) and that the technician shall not mention this fact to us. Read on...
__________________________________________________________________________
The power of our service
and what can happen without it!
Because we were asked so often, we decided to put a article on our site to describe in some given scenario examples why IT-Security is so important and what can happen if you forget about it. We want to point out that one of the named scenarios is an example, which however does not mean that it cannot happen, possibly it did already and we just don't know yet. Read on...
__________________________________________________________________________
Listening Ports
connections that are in a permanently listening state (open ports)
e.g. under Windows 7
e.g. under Windows 7
In this article we want to show you with some pictures about what you can see yourself if you open a MS-Dos prompt as Administrator in Windows and type in the command “netstat -anb”.
Beside the usual list of opened ports, we want to show you that a Windows PC does not need any opened port in a listening state to work properly and do its job.
Read on...
__________________________________________________________________________
IT-Security
a never ending story!
Many people use computers everyday but only a few know about the technique that lays in them and how to successfully protect the “intellectual property” which is stored on them.
Most Windows users are satisfied when they can say: “At least it is working!”.
But they do not realize the risk to loose all their data or that their sensitive informations will be leaked out of the system without their knowledge.
The problem with Windows is, that Microsoft does not really apply security settings to Windows at all even tho the settings are there and could just be used.
If the Windows user does not apply all these security settings himself, no one else will and the result is actually no security!
Another example is the default sharing or access rules Microsoft did supply in Windows. Most predefined rules allow access to “Everyone” or even “Anonymous” which lead to big security issues. Read on...
