“LastPass likely could have prevented this if they were more concerned about keeping their users secure than about saving their face. Their statement is also full of omissions, half-truths and outright lies. As I know that not everyone can see through all of it, I thought that I would pick out a bunch of sentences from this statement and give some context that LastPass didn’t want to mention.” Wladimir Palant helps to decode what LastPass had to say about their latest security breach.
palant.info
Tag: security
Return of the Russian passenger
“After a secret breaks in the news, Reply All re-examines how Alex Blumberg’s Uber account was hacked.”
The AAA citizens
“Just as Alibaba and Amazon know what their users are interested in and what they might buy next, the Chinese state wants to derive from its citizens’ data trails how they have behaved in the past and how they might behave in the future, and to rate them accordingly using a points system. Anyone who orders healthy baby food over the internet, for example, is to receive plus points. Anyone who watches porn or spends too much time playing computer games, on the other hand, must expect deductions.” It is just as well, then, that Felix Lee has nothing to hide and that such handling of user data is only ever considered in China…
www.zeit.de
With thanks to Michael August
What, you’re not on Whatsapp?
“Anyone who loves Whatsapp had better not read on, or perhaps precisely then, because love, as is well known, often makes us blind.” Boris Pohler, himself a teacher and father of two children, names the price of using the widely used service and explains why every user violates German law.
blog.pohlers-web.de
Is Facebook spying on you?
“This year we’ve gotten one question more than any other from listeners: is Facebook eavesdropping on my conversations and showing me ads based on the things that I say?”
Terrorists don’t scare city cyclists. We already have to deal with cars.
“If there’s one group of road users virtually immune to being cowed by a lowly act of terrorism involving a motor vehicle, it’s cyclists. We’re reminded every day—through rolled-down car windows, on too-narrow roads, via social media—that we “share” the roads with people who actively hate us and that our interests (including safety) come behind theirs. Every one of us knows what it’s like to stare death in the grille. Daily riders have all had drivers aim their cars at us as if they were about to plow us down, whether because of run-of-the-mill inattention or out-and-out road rage. This reality is priced into our decision to ride.” Eben Weiss alias Bike Snob NYC offers the urban cyclist’s perspective on the latest terrorist threat.
www.washingtonpost.com
How not to get phished
“Most humans can tell the difference most of the time, but if they are tired, or stressed, or in a rush, or have any number of other common obstacles to computer use, there’s a good chance they won’t notice the difference, will type their password into the wrong site, and will have their account taken over by bad guys.” Jacob Hoffman-Andrews identifies password managers as the average human’s best defence against phishing attacks.
jacob.hoffman-andrews.com
The police’s cat-and-mouse game with the rule of law
“It is quite simply not true that criticism of Hamburg’s police leadership comes only from a ‘militant left-wing scene’, as Interior Senator Grote would have people believe. That the latter exists and that it is extremely prone to violence is doubted by no one. But when Grote says that there are indeed many who also wanted to camp peacefully, but ‘we cannot separate them from potential perpetrators of violence’, then this is quite simply an admission of failure. For precisely that is the job of the police. Imagine the police banning Bundesliga matches on similar grounds because violent offenders are also present in the stadium.” Andrej Reisin sets out his criticism of the police’s approach before and during the G20 summit in Hamburg.
www.daserste.de
Conversations
“Welcome to this introduction to Conversations. It is gonna be a great introduction. It’s gonna be fabulous. Other instant messengers have fought Conversations for many years, but they couldn’t beat it. Just couldn’t do it. Total losers. They’re all dead now. All the other messengers have failed. Forget WhatsApp, okay? Signal …total disaster. Threema is so bad, it’s not even a real messenger. It’s fake. Threema is a fake messenger. Conversations has got to be the best messenger in the world. It’s huge. OMEMO. You’ll love it. Best protocol. Tremendous. Absolutely fantastic. Nobody has messengers better than Conversations. This messenger is so big, you can even see it from the moon. And I am going to make you pay for it. It’s true. Important people tell me that Conversations is so great, it’s unbelievable. So great, it’s beautiful. Conversations is the best instant messenger that God ever created.”
conversations.im
The Swedish kings of cyberwar
“Among the many questions posed by Scandinavia’s embrace of mass surveillance is one that has lingered at the margins throughout the Snowden debate: Are advanced democracies any different than their authoritarian counterparts in seeking to gain broad access into the private lives of citizens?” Hugh Eakin shines a light on the underreported activities of Sweden’s FRA in spying on people everywhere.
www.nybooks.com
With thanks to Michael August
Complexity is the enemy of security: how to stay relevant in a hacked world
“And one way to fight back is through Open Source. To make sure that the systems we use are trustworthy and can be verified and can be veryfied by anybody [sic]. Relying on Open Source to bring us privacy and trustworthy security is a crucial point for our future on the Internet. The Utopia is gone, it’s not coming back. But we can do what we can to maintain as much trust on the Internet as possible. And openess is key to trust. Without openess there is no trust—without trust there is no democracy.”
Mikko Hypponen
What we give away when we log on to a public Wi-Fi network
“Already 20 smartphones and laptops are ours. If he wanted to, Slotboom is now able to completely ruin the lives of the people connected.” Wouter Slotboom is one of the good guys, demonstrating to Maurits Martijn his effortless ability to retrieve people’s passwords, steal their identity, and plunder their bank accounts.
decorrespondent.nl
Signal
“I am regularly impressed with the thought and care put into both the security and the usability of this app. It’s my first choice for an encrypted conversation.”
Bruce Schneier
Signal offers private messaging and calling in one simple app. It is both free and open source. Development is supported by community donations and grants. This means that there are no hidden strings attached. Use Signal as an alternative to WhatsApp or, better still, its replacement.
signal.org
Copy public key to ssh server
user@ubuntu:~$ ssh-copy-id user@123.45.56.78
Germanwings crash: when security technology turns against safety
“If there were no armoured door, this crash would not have happened … This retrofitted 9/11 tumour is the materialisation of a poisoned zeitgeist, of this paranoid mistrust.” Sascha Lobo and an anonymous pilot regard the crash of flight 4U9525 as an aircraft hijacking resulting from inadequate security concepts.
www.spiegel.de
“Security theatre is the practice of investing in countermeasures intended to provide the feeling of improved security while doing little or nothing to actually achieve it.”
Wikipedia
Why privacy matters
“Mass surveillance creates a prison in the mind.”
Glenn Greenwald
Mail services see everything
“Electronic mail became fashionable with free services. Customers pay for them not in hard currency, but by accepting advertising and usually also the exploitation of the customer profiles fed from their data.” NSA eavesdropping practices that have since come to light are increasingly bringing questions about the security of e-mail to the fore. Stiftung Warentest has scrutinised 14 providers: Mailbox.org and Posteo emerge as the test winners.
www.test.de
Edward Snowden: the untold story
“The question for us is not what new story will come out next. The question is, what are we going to do about it?” James Bamford interviews Edward Snowden, who regards the use of strong encryption in your everyday communication as a viable means to end mass surveillance.
www.wired.com
Also watch United States of Secrets, a two-part series detailing how the US government came to monitor and collect the communications of millions around the world.
OpenKeychain
“OpenKeychain helps you communicate more privately and securely. It uses high-quality modern encryption to ensure that your messages can be read only by the people you send them to, others can send you messages that only you can read, and these messages can be digitally signed so the people getting them are sure who sent them.”
www.openkeychain.org
The secret government rulebook for labeling you a terrorist
“This combination—a broad definition of what constitutes terrorism and a low threshold for designating someone a terrorist—opens the way to ensnaring innocent people in secret government dragnets. It can also be counterproductive. When resources are devoted to tracking people who are not genuine risks to national security, the actual threats get fewer resources—and might go unnoticed.” Jeremy Scahill and Ryan Devereaux report on the Obama administration’s expansion of the terrorist watchlist system.
theintercept.com