Interview in Experte zu Handy-Hacks: So kann man sich schützen

Experte zu Handy-Hacks: So kann man sich schützen TECHNIK 14:04 04.02.2020Zum Kurzlink Von Bolle Selke Die USA hacken das Handy von Bundeskanzlerin Angela Merkel und Saudi-Arabien das von Amazon-Chef Jeff Bezos? Müssen sich also nur Prominente Sorgen um ihr Smartphone machen? Nein, sagt der IT-Experte Sorin Mustaca im Interview und erklärt, wie man sich schützen kann. Read here the original: Die USA hacken das Handy von Bundeskanzlerin Angela Merkel und Saudi-Arabien das von Amazon-Chef Jeff Bezos? Müssen sich also nur Prominente Sorgen um ihr Smartphone machen? Nein, sagt der IT-Experte Sorin Mustaca im Interview und erklärt, wie man sich schützen kann. – Herr Mustaca, dass sich Leute wie Jeff Bezos oder Angela Merkel Sorgen um die Sicherheit ihrer Handykommunikation machen müssen ist logisch, aber muss man sich auch als Privatperson darüber Gedanken machen? – „Ich denke schon. Das Geld oder die Vorteile, die man von einer Privatperson bekommt, sind genauso gut, wie die von anderen Quellen. Man darf nicht vergessen, dass jeder von uns ein duales Leben hat: als Privatperson und als Geschäftsperson – egal ob als Angestellter oder Selbstständiger. Ein Lebensteil beeinflusst den anderen, das ist immer so. Die Informationen, die jemand über unser Privatleben hat, beeinflussen daher auch das Geschäftsleben.“ – Immer wieder gibt…

Read More

JavaScript vs. Java

JavaScript and Java are similar in some ways but fundamentally different in some others. The JavaScript language resembles Java but does not have Java’s static typing and strong type checking. JavaScript follows most Java expression syntax, naming conventions and basic control-flow constructs which was the reason why it was renamed from LiveScript to JavaScript. In contrast to Java’s compile-time system of classes built by declarations, JavaScript supports a runtime system based on a small number of data types representing numeric, Boolean, and string values. JavaScript has a prototype-based object model instead of the more common class-based object model. The prototype-based model provides dynamic inheritance; that is, what is inherited can vary for individual objects. JavaScript also supports functions without any special declarative requirements. Functions can be properties of objects, executing as loosely typed methods. JavaScript is a very free-form language compared to Java. You do not have to declare all variables, classes, and methods. You do not have to be concerned with whether methods are public, private, or protected, and you do not have to implement interfaces. Variables, parameters, and function return types are not explicitly typed. Java is a class-based programming language designed for fast execution and type safety….

Why does “everybody” think they are being/were hacked by Russian hackers?

Short answer: See the column “Country”. When I say “Russia”, I mean all Russian speaking countries, from the ex sovietic block. “Everybody” in quotes means the vast majority.   Long answer: Some time ago, I was writing that China is massively attacking my blogs. Now, it seems that the situation has changed a lot. But, what is the reason why this changed? Can it be that the Russian hackers are becoming more aggressive ?  Can be that they are “hungrier”. Or are these attacks sponsored by some entity? It might be, but then why my sites ? 🙂 Or did the laws in Russia changed and many hackers can access via VPNs hosted in Russia? Didn’t hear anything about it.   What’s the deal with Turkey? How come that they are increasing their activities? Can it be the same situation with the VPNs as in Russia?   Or are these attacks more oriented towards specific targets? For examples, these websites where I register these attacks are tech oriented.   I hate politics… but… can it be that Russia is working with Turkey ?   The interesting fact is that there are repeated attacks from the same IPs. So, one more…

Quoted in 45 Million Potentially Impacted by VerticalScope Hack

Source: Author: Ionut Arghire, Security Week     Here is my longer comment:   LeakedSource writes on their website about a massive breach of and all its affiliated websites from February 2016. However, neither nor any of the websites mentioned in the LeakedSource page mention anything related to a hack. Even if denial of a breach is not something unseen before, after reading the Summary of the dump on LeakedSource I am starting to see here a pattern:  “Each record may contain an email address, a username, an IP address, one password and in some cases a second password”. This is exactly the same as in the Myspace breach:”Each record may contain an email address, a username, one password and in some cases a second password.” How come that two completely unrelated breaches share the dump format? Could it be that they are converted somehow into a single format before they are put on sale? The assumption regarding the VerticalScope hack is that they used some vulnerable vBulletin software. I have verified this myself and this is why I found on a couple of their websites: Doing a search on “vulnerabilities for vBulletin 3.8.7 Patch Level 3” can…

I was right about the data: it is indeed old

You may have heard reports recently about a security incident involving Myspace. We would like to make sure you have the facts about what happened, what information was involved and the steps we are taking to protect your information. WHAT HAPPENED? Shortly before the Memorial Day weekend, we became aware that stolen Myspace user login data was being made available in an online hacker forum. The data stolen included user login data from a portion of accounts that were created prior to June 11, 2013 on the old Myspace platform. Source:   But there is more: WHAT INFORMATION WAS INVOLVED? Email addresses, Myspace usernames, and Myspace passwords for the affected Myspace accounts created prior to June 11, 2013 on the old Myspace platform are at risk. As you know, Myspace does not collect, use or store any credit card information or user financial information of any kind. No user financial information was therefore involved in this incident; the only information exposed was users’ email address and Myspace username and password.   Troy Hunt writes also his own analysis and not surprisingly, he thinks that the data is actually around 8 years old . Additionally, he thinks that an insider…

Quoted in on the leak

Ionut Arghire of SecurityWeek wrote a very good article about the potential breach of 427 Million MySpace Passwords Appear For Sale and I was quoted a lot! Thanks, Ionut! I wrote more extensively about what I think of this leak: was apparently hacked, 360Mil accounts on sale and nobody knows any details There are many things that aren’t right with this breach. Read the article above… Another question, after reading the above article: how come that Troy Hunt didn’t get it? Maybe because it is only available for money? The data hasn’t been tested at all and according to Troy’s article it is not valid data: no sql dump Too many and email addresses   1 126,053,325 2 79,747,231 According to Troy, Gmail should be the top email provider these days (and also 3 years ago) Partial username, partial email address, partial password -> can it get worse than this?

A new type of fraud: News Scareware

After posting the article with the ads, I thought that I covered all stupid things that online publications do to force their readers to pay, subscribe or to disable ad blockers. Well, this was not correct… The stupidity goes on… with Washington Post.   They request your email address in order to allow you to read any article. I tried first to add some bogus email address so that I move on. But, these guys take things really serious. They connect to the SMTP server and try to authenticate if the user exists. If it doesn’t work, you get an error. After you successfully enter an email address, they store various system cookies and you’re free to read all articles.     I tried to test this in three browsers Chrome – where I registered Firefox Tor (browsing from USA) and it worked in all of them. I even erased all cookies above and it still worked. I honestly don’t know how they verify that my computer is authorized to view the content. Thy definitely stored something on the computer, different than a cookie, and they are checking that from the code of the website. I will investigate this when I…

The sad status of online advertising

I will give in this post an example having FORBES.COM as target.  I want to emphasize that this is not the only site that behaves like this!   If you have an ad blocking plugin active and you visit you will be promted to disable the ad blocker and you see the picture above.   After you turn it on, you can see that you are allowed to view the website for 30 days with “ad-light experience”: This is what you get with an ad-light experience: 1 ad on top of the page 2+ ads on the right of the page 2+ ads on the bottom of the page     If you re-enable the ad-blocker, you actually can see how many ads and trackers are on that page: 10 Ads, 99+ connections to websites that track you! Here is what Disconnect shows on that page: And this is just for an article. If you go back to the root page, you see actually a lot more ads and a lot more trackers:   Conclusion: The Internet would be much faster and much reacher if there would be less ads. I am not saying that there shouldn’t be any ads at…

No Image

Truecrypt shutdown – 5 questions that must be asked

If you visit you see this text below. If you install the software, you see it quite a couple of times. The domain  is only redirecting now to There are many articles written on this topic, especially on “WHY?”. WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues This page exists only to help migrate existing data encrypted by TrueCrypt. The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms (click here for more information). You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform. And when you try to download it: Download: WARNING: Using TrueCrypt is not secure You should download TrueCrypt only if you are migrating data encrypted by TrueCrypt. TrueCrypt 7.2sigkey If you use TrueCrypt on other platform than Windows, click here. So, you can still use it. And it works as expected, only that you will get from time to time some warnings. So far, so good…   But the biggest question is WHY did they…

No Image

Some tips for Shopping Online safe

  The source is an article I wrote for the Avira press release : Here are the tips:   I recommend that consumers watch for a few things in order to not become a victim of the online fraudsters: Always check that the connection to the online store where the payment is done is secured. This can be observed first if the URL is starting with “https” and second if a small lock is present in the top left corner of the browser in the URL field (in Chrome) or the name of the website is written in a colored rectangle(in Firefox,IE). If the web browser gives any warnings about the security certificate of the website, then do not proceed to purchase anything from that website. If you don’t know the website you plan to buy from, always check its reputation first. Search for comments from other users about that website. Searching for “<website> reputation” usually gives good and relevant results. Give your financial details like credit card data only if the website is properly secured and its reputation is good. Try to choose payment methods which don’t require payment upfront. If PayPal is an option, choose that whenever possible….

%d bloggers like this: