CryptoParty Austria

Linklist zur CryptoParty Wien 36 2015-09-28

• Security firm publishes list of some of the iOS apps infected by XcodeGhost - including Angry Birds 2 [Update: more apps] - 9to5Mac
• 0-day bug in fully patched OS X comes under active exploit to bypass password protection - Ars Technica
• 2nd dump from Ashley Madison hack twice the size - includes CEO e-mail - Ars Technica
• Ashley Madison hack is not only real - its worse than we thought - Ars Technica
• Lessons learned from cracking 4 - 000 Ashley Madison passwords - Ars Technica
• Better security - privacy and anonymity in Firefox
• Time to patch your firmware! Backdoor discovered into Seagate NAS drive
• http://bigstory.ap.org/article/065953e72e9649e0bc6efb69b06295ed/evidence-infidelities-spreads-online-wake-hack
• A Few Thoughts on Cryptographic Engineering: Let's talk about iMessage (again)
• StageFright - Telegram Stage-Left &amp - WhatsApp Stage-Right - Fortinet Blog
• Yet another pre-installed spyware app discovered on Lenovo computers / Boing Boing
• CynoSure Prime: CsP: Our take on the cracked AM passwords thus far
• Daring Fireball: Researchers: HTC Stored User Fingerprints as Image File in Unencrypted Folder
• Nach Facebook-Chat: 19-jährige Deutsche durfte nicht in USA einreisen - Netzpolitik - derStandard.at - Web
• Android: Hunderte Millionen Nutzer von Sicherheitslücke bedroht - Android - derStandard.at - Web
• HTTPS: Google - Mozilla und Microsoft wollen RC4 abschalten - Browser - derStandard.at - Web
• http://derstandard.at/2000022524999/Oesterreicher-und-Datenschutz-Kritisch-aber-unwissend
• Staatsschutzgesetz: AKVorrat diskutiert mit Sicherheitssprechern - Netzpolitik - derStandard.at - Web
• Piraten bringen auch Kanzler Faymann auf Youporn - Netzpolitik - derStandard.at - Web
• &quot - 123456&quot - beliebtestes Passwort bei Ashley Madison - futurezone.a
• Ashley Madison behielt Nutzerdaten nach Profill&ouml - schung - futurezone.a
• AVG verkauft Browser- und Suchverlauf der User - futurezone.a
• Deutsche glauben nicht an Abwehr von Hackerangriffen - futurezone.a
• Hacker ver&ouml - ffentlichen zweites Ashley-Madison-Datenpaket - futurezone.a
• Heimische Beh&ouml - rden-Vertreter unter Ashley Madison-Kunden - futurezone.a
• &Ouml - sterreicher zeigen - wie man Smart Homes hackt - futurezone.a
• Piraten werben nun auch mit Kanzler Faymann auf YouPorn - futurezone.a
• EuGH-Vorentscheidung: Daten von EU-B&uuml - rgern in USA unsicher - futurezone.a
• T-Mobile: &quot - Werden The Pirate Bay nicht sperren&quot - - futurezone.a
• Family Values Activist Josh Duggar Had a Paid Ashley Madison Accoun
• Facebook Dumped Intern After He Pointed Out Messenger&#39 - s Creepy Location Tracking
• Google Online Security Blog: Disabling SSLv3 and RC4
• Why is Windows so misleading about what root certificates it trusts? &middot - HA
• TSA000 - Album on Imgur
• Detectify Lab
• Hack: Porno auf Fahrplananzeige von Busbahnhof - futurezone.a
• http://m.futurezone.at/digital-life/oesterreicher-zeigen-wie-man-smart-homes-hackt/146.964.575
• Unverschlüsselte Passwörter bei BitDefender gestohlen - futurezone.a
• USA: Fingerabdrücke von Millionen Bediensteten gestohlen - futurezone.a
• Updates: Windows 7 und Windows 8 spionieren jetzt auch - futurezone.a
• Slashdo
• Slashdo
• Top German Spy: We Made Mistakes Working With NSA / Sputnik International
• Telefonanlage gehackt - 14.000 Euro Schaden für Firma in Oberwart - Netzpolitik - derStandard.at - Web
• A Flaw in Twitter's Sign Up Process Can Reveal Your Friends to Impersonators - Motherboard
• Ashley Madison Hackers Speak Out: 'Nobody Was Watching' - Motherboard
• http://oe1.orf.at/konsole?show=ondemand&track_id=414894&load_day=/programm/konsole/tag/20150914
• http://scilog.fwf.ac.at/kultur-gesellschaft/2797/ueberwachung-auf-facebook-und-co-nutzerinnen-wissen-wenig
• Drawing Lessons From July&#8217 - s Jeep Hack - TechCrunch
• Cryptome Reveals How Microsoft Gives the FBI and the NSA Back Doors to Crack Encryption - Techrigh
• Head of Louisiana GOP among those in Ashley Madison data dump - TheHill
• Planned Parenthood shuts down website after second hack - TheHill
• Why we must be allowed to publish security flaws without being sued
• NSA director just admitted that government copies of encryption keys are a big security risk - VentureBeat - Security - by Mark Sullivan
• PKI Posters - cem
• Der Stagefright Bug - CERT.a
• Kritische Sicherheitsl&uuml - cken in Adobe Flash Player - AIR und AIR SDK - Patches verf&uuml - gbar - CERT.a
• http://www.cryptomuseum.com/manuf/crypto/friedman.htm
• http://www.forbes.com/sites/amitchowdhry/2015/07/28/why-windows-10-shares-your-wi-fi-password-and-how-to-stop-it/
• http://www.forbes.com/sites/thomasbrewster/2015/08/20/spotify-creepy-privacy-policy/
• B&uuml - rgerrechte: EU will nicht gegen deutsche Vorratsdatenspeicherung klagen - Golem.de
• Es wird einmal gewesen sein ...: Microsofts Zune wird komplett eingestellt - Golem.de
• Ransomware: Kaspersky warnt vor Verschl&uuml - sselungs-Malware Shade - Golem.de
• Stagefright-Sicherheitsl&uuml - cke: Elf Wege - ein Android-System zu &uuml - bernehmen - Golem.de
• Verschl&uuml - sselung: Let&#039 - s Encrypt legt los und sucht Mitstreiter - Golem.de
• Ashley Madison full dump has finally leaked - Hydraze &amp - Friends blog
• US Congress members urged to communicate using encrypted apps - ITworld
• Hacking DefCon 23&#8217 - s IoT Village Samsung fridge - Pen Test Partner
• POL-HL: OH_Bad Schwartau_BAB1 /Kleinkind wirft Fahrzeugschlüssel aus fahrendem PKW - Pressemitteilung Polizeidirektion Lübeck
• Sophisticated Security: What I learned from cracking 4000 Ashley Madison password
• Tesla says it sent update for security flaws found by hacker- Reuter
• Boston's License Plate Reader Database Was Online for Anyone to See
• British surveillance state ‘worse than Orwells 1984 - UN privacy chief — RT UK
• UCLA Health laptop stolen - contained data on about 1 - 200 patients - SC Magazine
• http://www.spiegel.de/politik/deutschland/verfassungsschutz-abgeordnete-in-netzpolitik-affaere-unter-verdacht-a-1047145.html
• Facebooks Like Buttons Will Soon Track Your Web Browsing to Target Ads - MIT Technology Review
• http://www.techworm.net/2015/08/ashley-madison-ceo-noel-biderman-resigns-after-hack-that-exposed-37-million-users.html
• http://www.techworm.net/2015/08/chrome-vulnerability-can-be-exploited-to-disable-extensions-without-any-user-interaction.html
• http://www.techworm.net/2015/08/researcher-cracks-4000-ashley-madison-passwords-and-they-are-pretty-stupid.html
• Web.de and Gmx introduce end-to-end email encryption - Telecompaper
• Vodafone Australia admits hacking Fairfax journalist's phone - Business - The Guardian
• Facebook rescinds internship from student who exposed app privacy flaws - Technology - The Guardian
• Windows 10 sends identifiable data to Microsoft despite privacy settings - Technology - The Guardian
• Flash is dying a death by 1 - 000 cuts - and that's a good thing - Technology - The Guardian
• Troy Hunt: Do you really want &#8220 - bank grade&#8221 - security in your SSL? Here&#8217 - s how Aussie banks fare
• Troy Hunt: Here&#8217 - s what Ashley Madison members have told me
• http://www.welivesecurity.com/wp-content/uploads/2015/07/Operation-Potao-Express_final_v2.pdf
• Ashley Madison data posted online -- and it&#39 - s worse than anyone thought (Wired UK)
• AVG can sell your browsing and search history to advertisers (Wired UK)
• Ashley Madison Leak Reveals Its Ex-CTO Hacked Competing Site - WIRED
• Hackers Finally Post Stolen Ashley Madison Data - WIRED
• The Dismal State of America&#039 - s Decade-Old Voting Machines - WIRED
• Mapping How Tor&#039 - s Anonymity Network Spread Around the World - WIRED
• Microsoft: Staatssekretär Billen: Windows 10 ist bedenklich
• NSA-Programm XKeyscore: Diese Spähsoftware findet jedes Passwort - ZEIT ONLINE
• NSA hilft Verfassungsschutz: XKeyscore - das Dokument - ZEIT ONLINE
• AVG Proudly Announces It Will Sell Your Browsing History To Online Advertisers - Slashdo
• Technical guideline
• Developer&#8217 - s Silence Raises Concern About Surespot Encrypted Messenger - AntiPolygraph.org New
• Analyzing 443 free proxies - Only 21% are not shady
• HTTP is obsolete. It's time for the distributed - permanent web
• Tor Browser 5.0.1 is released - The Tor Blog
• KARMA POLICE: GCHQ&#039 - s plan to track every Web user in the world / Boing Boing
• Explanation of various &#x27 - exit node&#x27 - -attack
• draft-ietf-dnsop-onion-tld-01
• Ghostery Adds New Sneaky Promotional Messaging System
• Surespot - Wikipedia - the free encyclopedia
• AWS Developer Forums: Life of our patients is at stake - I am ...
• Xyl2k/TSA-Travel-Sentry-master-keys · GitHub
• ms.PNG - Imgur
• Updated Let's Encrypt Launch Schedule
• Our First Certificate Is Now Live
• Surprise! Android lockscreen patterns are predictable - not very secure - Naked Security
• #Landesverrat: Wir müssen davon ausgehen - umfassend vom Bundeskriminalamt überwacht zu werden - netzpolitik.org
• &#8222 - Scheiß Internet&#8220 - -Preis: Cyberkommissar Oettinger ausgezeichnet als &#8222 - technologiefeindlicher Grantler&#8220 - - netzpolitik.org
• Researchers Find Holes in Wireless Tech Used by Czech Car Maker - The Security Ledger
• Tails - Tails 1.6 is ou
• U.N. Gives U.S. Flunking Grades on Privacy and Surveillance Righ
• From Radio to Porn - British Spies Track Web Users Online Identitie
• https://thenypost.files.wordpress.com/2015/09/091815elevatorkey04aw.jpg
• India&#039 - s Porn Block Targets Torrent Sites - CollegeHumor and 9Gag - TorrentFreak
• T-Mobile Refuses to Block The Pirate Bay - TorrentFreak
• Alec Muffett auf Twitter: &quot - There&#39 - s a Default Wifi Password FOR YOUR RIFLE&#10 - &#10 - http://t.co/4Iulg5aHer http://t.co/hzxFt1tuK5&quot -
• infosec_rogue auf Twitter: &quot - Ladies and gentlemen - I give you the &quot - new - more secure&quot - Windows 10 defaults: http://t.co/MdVNnmUF2J&quot -
• PiratenITBayern auf Twitter: &quot - Unser Kollege @derBorys von der @PiratenIT hat da mal was für die Datenschutzeinstellungen bei Windows 10 gebastelt: https://t.co/2A9Yn1ytdp&quot -
• Sgt. Howard Payne auf Twitter: &quot - This article just wouldn&#39 - t be clear without a 1/4 page 300dpi photo of the key in question @deviantollam http://t.co/K8jWaYBKZw&quot -
• Steve Streza auf Twitter: &quot - So @SouthwestAir Wi-Fi does an MITM attack against HTTP to inject JavaScript into sites that show ads. And they block VPN. Gross.&quot -
• VeraCrypt@IDRIX auf Twitter: &quot - #VeraCrypt 1.15 is out. Fix #TrueCrypt vulnerabilities CVE-2015-7358 &amp - CVE-2015-7359 reported by @tiraniddo. Details on release notes.&quot -
• Adam Langley auf Twitter: &quot - @ivanristic In short: yes. There will be a proper announcement at some point soon.&quot -
• David Mirza Ahmad auf Twitter: &quot - So this super creepy thing just happened (paging @mgeist). http://t.co/QnvdEurpRQ&quot -
• Tony Arcieri auf Twitter: &quot - The point at which Google&#39 - s software updates become indistinguishable from malware. Check out that curl -k: http://t.co/WztOKXUz78&quot -
• codeslave auf Twitter: &quot - @attractr @ioerror @mgeist Could be a #ByteMobile proxy - which has been in use - and altering webpages - with providers for 5+ years&quot -
• Bernard Bolduc auf Twitter: &quot - Printing TSA 007 master key. http://t.co/Ouijd8NHvy&quot -
• Bernard Bolduc auf Twitter: &quot - OMG - it&#39 - s actually working!!! http://t.co/rotJPJqjTg&quot -
• Daniel Bilar auf Twitter: &quot - NSA to transition to quantum-resistant algos in Suite B https://t.co/qmDSqTvWfc [see also https://t.co/UxRHMistoP ] http://t.co/ARjwRmTjoo&quot -
• Daniel Bilar auf Twitter: &quot - List of infected iOS apps from Palo Alto networks and Fox-It #XcodeGhost http://t.co/QQx3Fc7u9F&quot -
• haroon meer auf Twitter: &quot - Let&#39 - s be done with the whole &quot - combination might be a birthday&quot - ambiguity.*&#10 - &#10 - * Bonus points for reducing the space too http://t.co/DEVstCpZRr&quot -
• Ivan Ristic auf Twitter: &quot - @agl__ Any plans to turn off SSLv3 and RC4 at some point?&quot -
• John Manoogian III auf Twitter: &quot - @netik you cannot make this shit up http://t.co/NrZ9jMtsmE&quot -
• Karin Kosina auf Twitter: &quot - So the Ashley Madison data have been dumped online http://t.co/0K2KuuZyUn &quot - account details and log-ins for some 32 million users&quot - &quot -
• Let&#39 - s Encrypt auf Twitter: &quot - We&#39 - ve also applied to Google - Mozilla - Microsoft - and Apple root programs.&quot -
• Marsh Ray auf Twitter: &quot - http://t.co/Xf4WabbNUB&quot -
• mdowd auf Twitter: &quot - The iOS 8.4.1 patches contain TIFF vulnerabilities - which can be reached over MMS. Nice one - @lcamtuf !&quot -
• Paul Colombo auf Twitter: &quot - Are you kidding me @VerizonSupport? This is in no way acceptable. http://t.co/4wt2iFMj1w&quot -
• hacked auf Twitter: &quot - The Internet of Shit will lock you out of your house. http://t.co/LpI65iC4vv&quot -
• Richard Barnes auf Twitter: &quot - To experience a post-SHA-1 web - use today&#39 - s Firefox Nightly and set security.pki.sha1_enforcement_level = 1&quot -
• Sahil Malik auf Twitter: &quot - #iOS9 .01 security flaw -&#10 - 1. Lock &#10 - 2. Siri &quot - show world clock&quot - &#10 - 3. + city - type text - select - share&#10 - 4. messages&#10 - Access messages - pictures - more&quot -
• Marie Gutbub auf Twitter: &quot - Hey crypto teachers! @nsmnsr and I just made a tutorial to explain how to make a #gpgbox and teach #PGP! #CryptoParty http://t.co/HxCUq7esYA&quot -
• Barbara Wimmer auf Twitter: &quot - Herr @GOettingerEU hat gerade den #wolo15 gewonnen! Gratulation!&quot -
• Adam™ auf Twitter: &quot - HAHAHAHA. Beste Bannerplatzierung der @piratenparteiat EVAR! http://t.co/fzelA9eo9a&quot -
• he grugq auf Twitter: &quot - Thanks to the Ashley Madison hack - American newspapers are discovering that people like sex. Even people with jobs!&quot -
• Jonathan Rudenberg auf Twitter: &quot - This car has the worst TLS client http://t.co/WzC6RQ8ZDn&quot -
• TomTom auf Twitter: &quot - @bennedik Hey - we take the privacy of our customers very seriously. We hope you understand that the feature is there to protect your privacy&quot -
• orproject auf Twitter: &quot - Watch a two-minute video about how #Tor works: https://t.co/AjVxkygixT (ICYMI) #cccamp2015&quot -
• Dustin Martin auf Twitter: &quot - 10/10 CHIP ONLINE. http://t.co/zuLoj7F4rL&quot -
• Dustin Martin auf Twitter: &quot - Die haben einfach wirklich ihr Passwort getwittert? Hauptsache - es geht viral - oder? :D http://t.co/ngeyf9BoJ6&quot -
• Watch out: If you've got a smartwatch - hackers could get your data:: ECE ILLINOIS
• Privacy Badger - Electronic Frontier Foundation
• Will a VPN Protect Me? Defining Your Threat Model - IVPN
• Same origin violation and local file stealing via PDF reader — Mozilla
• NSA Spying Relies on AT&amp - T&#8217 - s &#8216 - Extreme Willingness to Help&#8217 - - ProPublica
• Windows 10 backs up your Bitlocker recovery key to OneDrive automatically. What can go wrong? : crypto
• I May Get Stoned to Death for Ga y Sex (Gay Man from Saudi Arabia Who Used Ashley Madison for Hookups) : lgb
• OwnStar - hacking cars with OnStar to locate - unlock and remote start vehicles - YouTube
• Microsoft Captures Screenshots Of Your Desktop - YouTube
• In Search of SYNful Router