mfeilner – Page 49 – markusfeilner.de

Teotwaki – The Higgs Bubble Way

Meet the Higgs Bubble That Will Destroy the Universe. Maybe … :

“According to a recent paper, published on March 12 in the journal Physical Review D, the final moment for the universe will be triggered by a bizarre consequence of subatomic physics called an instanton.
This instanton will create a tiny bubble that will expand at the speed of light, swallowing everything in its path. It’s only a matter of time. [Top 10 Ways to Destroy Earth]
“At some point you will create one of these bubbles,” study lead author Anders Andreassen, a physicist at Harvard University, told Live Science. “It will be very unpleasant.
” By “unpleasant,” he means the end to all life — and, indeed, chemistry — as we know it.“

Beep, beep – Security flaw…

You may have been thinking that the good old beep tool is safe, but you’re wrong …
Debian — Security Information — DSA-4163-1 beep:

“It was discovered that a race condition in beep (if configured as setuid via debconf) allows local privilege escalation.“

How to deal with a difficult manager or an incompetent boss…

We all now this never happens, but it’s good to be prepared.
The Muse explains how to deal with a difficult boss: 10 Brilliant Tips for Dealing With a Difficult Boss -The Muse

“In an ideal world, we would all have fantastic managers—bosses who helped us succeed, who made us feel valued, and who were just all-around great people. Unfortunately, that’s not always the case. But, whether the person you work for is a micromanager, has anger management problems, shows favortism toward one person, or just isn’t very competent, you still have to make the best of the situation and get your job done. To help out, we’ve gathered the best advice from around the web for dealing with a bad boss. Try one or more of these tips to find some common ground with your boss—or at least stay sane until you find a new gig.”

And Workitdaily has a good read about 5 Ways To Deal With An Incompetent Boss | CAREEREALISM … :

“While it can be frustrating to have an incompetent boss, an incompetent boss can seriously damage or derail your career. If they do have a serious lack of knowledge, we know that they can do nothing to grow you as an employee which means any growth will be yours to make happen. Let’s look at the potential damage they can inflict and what you can do to minimize or avoid.“

Hierarchy is not the answer.

My friends from Agorum got to the point here (only in German, though) … : Entscheidungsprozesse in einem selbstorganisierten Unternehmen.

“Hierarchie ist keine gute Antwort auf immer schnellere und komplexere Prozesse”

I think this silicon valley image from Brian Solis fits very well to that context … that reflects much more the kind of hierarchies we need:

Analytics training

I would say it’s a tie… but there’s one definitive evidence here:
am2OED2_700b.jpg (700×751):

The Seven Circles of Developer Hell

Awesome work by Toggl: The Seven Circles of Developer Hell [Infographic] – Toggl Blog
“Software development is a special kind of a nightmare. The kind that you wish you could wake up from, but can’t, because code is money and money is life.”

Leading through Chaos is so much more human

Applying chaos theory in a project based organization:

“Abstract Chaos theory is extremely useful in guiding behaviors in an organization that depends on project-based work for its vitality. The theory informs us that small initial conditions can have a huge impact on project outcomes; however, what actually happens is unpredictable. Nature, while chaotic, follows regular patterns, as does human behavior in organizations. An organic approach to the implementation of project management implies that we can learn tremendous lessons from nature on how to achieve better, more harmonious outcomes from our projects. Thus, by observing nature and paying attention to patterns in human behavior, we in essence create a “green”—as opposed to “toxic”—environment for project success.“

You might be wrong about your intelligence…

My internet friend Rhys aka the Physicists of the Caribbean has written a great piece on why knowing yourself and others is not that easy: Know Thyself … :

“It should be largely self-explanatory. Intelligence (or skills or knowledge of a subject, perhaps other things too) doesn’t necessarily correlate with how accurately people evaluate their own intelligence.“

Influence – The Engineering Manager

… : Influence – The Engineering Manager … I’m still reading:

“Beyond just management Let’s look beyond the on-paper job description of a manager for a second. Indeed, if you are leading a team then you have responsibility for the performance of those that report into you. And yes, you are also accountable for the quality of work that is being delivered and its timely arrival.“

QR Codes: Apple messed it up (again)

… For years I have been talking about the dangers of QR codes…. well here’s one of the convenient Apple preload functions, I assume, messing it up: The Hacker News — Online Cyber Security News & Analysis … :

“You need to open the Camera app on your iPhone or iPad and point the device at a QR code. If the code contains any URL, it will give you a notification with the link address, asking you to tap to visit it in Safari browser. However, be careful — you may not be visiting the URL displayed to you, security researcher Roman Mueller discovered. According to Mueller, the URL parser of built-in QR code reader for iOS camera app fails to detect the hostname in the URL, which allows attackers to manipulate the displayed URL in the notification, tricking users to visit malicious websites instead.“

The City of Atlanta, Georgia has been hacked.

Reality update: Hackers Are Holding The City of Atlanta Hostage … :
““This is much bigger than a ransomware attack, this really is an attack on our government,” Atlanta Mayor Keisha Lance Bottoms said at a news conference, Reuters reports. “We are dealing with a (cyber) hostage situation.”

(…)

Experts have warned that cybersecurity is likely the next great security threat for governments and companies around the world, and that most systems are simply not prepared. Indeed, Atlanta isn’t the first U.S city to be hit by ransomware — the Colorado Department of Transportation has already been hit twice in 2018. However, the Atlanta attack seems to the most thorough, city-wide cybersecurity breach yet. And though some companies have ramped up security following attacks, as Atlanta plans to do, it seems that most cities aren’t adapting their security before an attack happens.

(…)

It’s not yet clear at what point Atlanta will give in and pay the ransom to get its data back. But as more cities rely on digital processes, the dangers to both citizen privacy and security are going to multiply. Imagine a hack that takes out not just a city’s computer systems, but also its electrical power, plumbing, and even control of your own car.“

Microsoft is now censoring its users, scanning all content for “inappropriate” stuff

Reality update: Microsoft to ban ‘offensive language’ from Skype, Xbox, Office | CSO Online … I doubt this is fine with German data protection laws:

“Better watch out if you are playing Xbox, get ticked, and cuss. Microsoft might ban you for the “offensive language.” If they do, then say bye-bye to your Xbox Gold Membership and any Microsoft account balances.“

How a little-known Canadian company created an election software platform marketed by Cambridge Analytica

Gizmodo tells the story of a batch of sources being published that might have a sever impact not only on Brext… : AggregateIQ Created Cambridge Analytica’s Election Software, and Here’s the Proof … :

“Discovered by a security researcher last week, the files confirm that AggregateIQ, a British Columbia-based data firm, developed the technology Cambridge Analytica sold to clients for millions of dollars during the 2016 US presidential election. Hundreds if not thousands of pages of code, as well as detailed notes signed by AggregateIQ staff, wholly substantiate recent reports that Cambridge Analytica’s software platform was not of its own creation.“

Thanks to Snowden: “Security, Safety and fair market: Access by Openness and Control of the supply chain.” By KIT

KIT (Karlsruhe Institute of Technology, Institut für Technikfolgenabschätzung und Systemanalyse) has published a great study that I haven’t read completely, but though it’s worth sharing: KIT – ITAS – Research – Project overview – Quattro S: Security, Safety, Sovereignty, Social Product … Especially regarding:

“This project will provide solutions for multiple problems. The first one is the security of information technology. The range of issues addressed includes zero-day exploits (e.g., WannaCry ransomware), denial of service attacks (e.g., Mirai), hardware attacks (e.g. based on the Meltdown and Spectre CPU flaws) up to novel types of hardware Trojans. The possibilities for these attacks originate from weaknesses in the long IT supply chains and threaten the confidentiality, integrity and availability of systems. The second problem is that these attacks can also threaten the safety of products, e.g., in energy infrastructures or in the automotive industry. The third problem consists of a loss of value added because of a migration of production and competences towards competing economies (e.g. US and China). Sovereignty would mean to have full control of the characteristics of information technology, to be sure that no hidden features are implemented, that no business secrets can be stolen, and to benefit economically from such control.“

Two-Factor-Crap: Mobile TANs are security theater

It’s been already six years that I wrote the Linux-Magazin article about hacking Android for banking data “Googles Smartphone-Linux ist ein einfaches Opfer für Angreifer“, and even a little more since me and Gunnar Porada met at Cortal Consors Bank. He was presenting, I was invited as a journalist.

And the weird thing was: Cortal Consors, a big bank that in the past had specialized on trading stocks and stuff, had invited Gunnar to show us why SMS-TAN (Mobile TAN) and similar smartphone-based “Two-Factor-Auth” mechanisms are merely security theater, like every trick that includes the smartphone. Nevertheless, they said, they’d still recommend to use it, since “it is not actively being hacked”. Well, that has changed for sure in the last years. 🙁

Albeit this article is merely available in German, it’s a good read – have Google translate it. The following quote says basically that it’s less effort to hack both Windows PC and Android device (since they will be in the same Wifi sometime) than it takes to find out two devices belong together. I just realized that again, I had written about some topic that didn’t have a name then: CDT (Cross Device Tracking).

If you feel fine with Security by Obscurity, then SMS-TAN or Photo-TAN or Face recognition might be enough for you. It’s not for me.

“„Technisch ist das gar nicht so aufregend, die Angriffsmöglichkeiten sind bekannt. Das Schwierigste für den Angreifer ist eher herauszufinden, welches Handy zu einem infizierten PC gehört“, erklärt der Ex-Hacker, der gerade 100 000 Euro vom Konto eines Konzerns zu einer gemeinnützigen Organisation transferiert hat, mit gefälschten Accounts und Webseiten, auf die er den Demo-Rechner vorher per DNS-Spoofing umgeleitet hat – natürlich nur als Demo fürs Publikum.“

Live hacking – a demonstration for military and politicians

… recently, at the german military’s reservist’s club VdRBw :
“Veranstalter: Kreisgruppe Oberpfalz-Süd

Thema: Sicheres Surfen durchs Internet

Wie ich meinen PC besser schützen kann

Bedrohung und Abwehrstrategien für den heimischen Rechner mit Live-Demonstration typischer AngriffeIm Rahmen der Freiwilligen Reservistenarbeit führt die Kreisgruppe Oberpfalz-Süd in Zusammenarbeit mit der Friedrich-Ebert-Stiftung und dem Markt Donaustauf eine Sicherheitspolitische Veranstaltung in Donaustauf als Verbandsveranstaltung in UTE durch.
(…)
Anzug: Dienstanzug gem ZDv 37/10 oder gedecktes Zivil”

Sir! Yes, Sir!

Facebook: The AI-powered dystopia. Time to realize!

Zeynep Tufekci: We’re building a dystopia just to make people click on ads | TED Talk

“We’re building an artificial intelligence-powered dystopia, one click at a time, says techno-sociologist Zeynep Tufekci. In an eye-opening talk, she details how the same algorithms companies like Facebook, Google and Amazon use to get you to click on ads are also used to organize your access to political and social information. And the machines aren’t even the real threat. What we need to understand is how the powerful might use AI to control us — and what we can do in response.”

Does your server mine Minero? Well… it might have been hacked…

Reality update: Cryptocurrency mining malware uses five-year old vulnerability to mine Monero on Linux servers | ZDNet … but hey, it is only PHP/Cacti:

“The cryptojacking campaign exploits CVE-2013-2618, an old vulnerability in Cacti’s Network Weathermap plug-in, an open source tool which is used by network administrators to visualise network activity.”

I’m still waiting for the first Linux Virus to hit the streets. Send it to me, please, if you have one. No, not the manual ones. They are boring.

Kaspersky won’t play with the US anymore…

Kaspersky’s ‘Slingshot’ report burned an ISIS-focused intelligence operation – CyberScoop
Hehehe: Kaspersky recently exposed US Intelligence Malware

“The U.S. government and Russian cybersecurity giant Kaspersky Lab are currently in the throes of a nasty legal fight that comes on top of a long-running feud over how the company has conducted itself with regard to U.S. intelligence-gathering operations.
A recent Kaspersky discovery may keep the feud alive for years to come.
CyberScoop has learned that Kaspersky research recently exposed an active, U.S.-led counterterrorism cyber-espionage operation. According to current and former U.S. intelligence officials, the operation was used to target ISIS and al-Qaeda members.”
undefined

(Thanks to Fefe)

A message from Edward Snowden

And right he is: