Meine Datenschutz und Privatsphäre Übersicht 2025, für die Allgemeinheit

Teilen er­be­ten

#DSGVO #TDDDG #Datenschutz #Privatsphäre #sicherheit #Verschlüsselung
#encryption #WEtell #Email #Cybersecurity #Pixelfed #Massenűberwachung
#Google #Metadaten #WhatsApp #Threema #Cryptpad #Signal
#Hateaid #Cyberstalking #Messenger #Browser #Youtube #NewPipe #Chatkontrolle #nichtszuverbergen #ÜberwachungsKapitalismus #Microsoft #Appel #Windows #Linux #Matrix #Mastodon #Friendica #Fediverse #Mastodir #Loops #2FA #Ransomware #Foss #VeraCrypt #HateAid #Coreboot #Volksverpetzer #Netzpolitik #Digitalisierung #FragdenStaat #Shiftphone  #OpenSource #GrapheneOS #CCC #Mail #Mullvad #PGP #GnuPG #DNS #Gaming #linuxgaming #Lutris #Protondb #eOS #Enshittification #Bloatware #TPM #Murena  #Shiftphone
#LiberaPay #GnuTaler #Taler #PreppingforFuture #FediLZ #BlueLZ #InstaLZ #ThreatModel
#FLOSS #UEFI #Medienkompetenz

( Ich bitte euch außerdem um > #niewiedercdu #noAFD )

https://cryptpad.digitalcourage.de/file/#/2/file/hfzvE2FX7wKg8kbtUScqrvqI/

Zerstörerisch: HP schrottet Notebooks per UEFI-Update

Wenn die vom Hersteller angebotene Firmware fehlerhaft ist und das Gerät anschließend unbrauchbar, darf man erwarten, dass der verursachte Schaden behoben wird.

https://www.heise.de/ratgeber/Zerstoererisch-HP-schrottet-Notebooks-per-UEFI-Update-10222807.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

#BootKitty #Linux #UEFI #bootkit spotted exploiting #LogoFAIL flaws
https://securityaffairs.com/171606/malware/bootkitty-logofail-flaws.html
#securityaffairs #malware

Latest issue of my curated #cybersecurity and #infosec list of resources for week #48/2024 is out!

It includes the following and much more:

➝ Hacker in #Snowflake Extortions May Be a U.S. Soldier

➝ #Zoom Pays More For False #Encryption Claims

➝ Chinese Spy in US Sentenced

➝ The First #UEFI Bootkit Targeting #Linux Systems

Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end

https://infosec-mashup.santolaria.net/p/infosec-mashup-482024?r=299go8

#ESET has probably known this for years, as others have. It's likely a nation-state or somebody who is basically doing this by using hidden payloads delivered in OS updates (a.k.a. found in the wild).

I've had the worst sort of luck maintaining dual boot on some of my PC systems. When I run an update either on #Linux or Windows, my system has been known to lose its shimx64.efi or have its content internally modified in some surreptitious way which I cannot see on my end, at all. No joke. And no bullshit. #UEFI is a lackluster standard. Microsoft keeps adhering to use of this standard because no one in industry could agree on much else at the time.

https://arstechnica.com/security/2024/11/found-in-the-wild-the-worlds-first-unkillable-uefi-bootkit-for-linux/

#Bootkitty Analyzing the first #UEFI #bootkit for #Linux https://www.welivesecurity.com/en/eset-research/bootkitty-analyzing-first-uefi-bootkit-linux/

Researchers at security firm #ESET said Wednesday that #Bootkitty -- the name unknown threat actors gave to their #Linux bootkit -- was uploaded to #VirusTotal earlier this month. The World's First Unkillable #UEFI Bootkit For Linux https://arstechnica.com/security/2024/11/found-in-the-wild-the-worlds-first-unkillable-uefi-bootkit-for-linux/

#Linux #UEFI #BootKit #PersistentMalware #ESET #Cybersecurity

https://arstechnica.com/security/2024/11/found-in-the-wild-the-worlds-first-unkillable-uefi-bootkit-for-linux/

#Bootkitty is the first #UEFI #Bootkit designed for #Linux systems
https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html
#securityaffairs #cybersecurity #malware

Researchers Discover "Bootkitty" – First #UEFI #Bootkit Targeting #Linux Kernels
https://thehackernews.com/2024/11/researchers-discover-bootkitty-first.html

How to screw up: Set an admin bios password, do not write it down in your password manager and forget it...

UEFI is the new BIOS

The article explores how UEFI replaces BIOS, offering enhanced system security and flexibility.

https://www.leviathansecurity.com/blog/uefi-is-the-new-bios

@marcan nodds in agreement #Apple doesn't need to have backdoors in Hardware when their entire #iCould is backdoored and can be weaponized to brick devices.

• OFC similar functionality can be achieved with #CompuTrace on #amd64-based #Laptops (i.e. #ThinkPads) and compared to that, #AMT + #ManagmentEngine is trivial to #exploit and should be considered real #backdoors (abeit "well meaning" in the sense of remote provisioning of entire fleets of devices)...

Either way, these are not inherent to the used #Silicon, but entirely #Firmware-based.

• AMT for example requires a "#Intel #vPro" configuration with Intel-made Ethernet NICs (i.e. i2xx & i3xx - Series) with a Q- or C-series Chipset & supporting #UEFI, so most Systems with cheap #Realtek-NICs aren't exploitable straight-away, and even then it requires certain settings to work, so not an easy "#Pwn2Own" style exploitability...

Ja, wenn Leute nen gescheites Notebook kaufen dann ist nix mit #CMOS-Reset up #Boot-Passwort zu umgehen...

• Musst den Originalkäufer finden damit der bei Lenovo nen Reset machen lässt oder schaun ob wer das #UEFI vom #X100e gecracked hat...

https://www.youtube.com/watch?v=MgdX_wHZJrg

The Lenovo Yoga13 needs a UEFI Firmware Update.

Wish me luck, I may be gone for some time