Microsoft Azure has also entered into a partnership with Equinor (formerly Statoil, Norway's state oil company) to provide data services worth hundreds of millions of dollars.
Frankly, the list goes on, and every single one of these ventures actively works against exactly the initiatives and climate action plans that Gates proposes through his philanthropy.
The mythology of Silicon Valley has always rested on the idea that its companies and founders would behave differently from, and more ambitiously than, the old industries. "Changing the world", though always a decidedly unspecific mantra, was supposedly meant to be "for the better". But industry does not get any older than fossil fuels. And it does not get any worse for the climate.
The science could not be clearer. Fossil fuels must stay in the ground as far as possible. It might actually be fair to say that the last thing the world needs is an advanced AI that is better at detecting new oil reserves. Or a machine learning program that can squeeze more carbon-rich gas out of an underperforming well. Or machines that work perfectly with a network of other automated drilling rigs until the sea level rises high enough to flood all the sensors.
I am not sure how Google's mission to index all the world's information came to include the side effort of helping the world it sits in to burn. Or how Bill Gates can talk about fighting climate change in Davos while his company supports and powers what are currently the largest contributors. (The most effective step Gates could probably take at this point would be to ask Microsoft to cut costs.)
Info links:
https://www.chron.com/business/energy/article/Schlumberger-Rockwell-create-new-JV-for-the-13628114.php
https://ir.rockwellautomation.com/press-releases/press-releases-details/2019/Rockwell-Automation-and-Schlumberger-Enter-Joint-Venture-Agreement-to-Create-Sensia-the-Oil-and-Gas-Industrys-First-Fully-Integrated-Automation-Solutions-Provider/default.aspx
https://www.theguardian.com/environment/2018/oct/08/global-warming-must-not-exceed-15c-warns-landmark-un-report
https://www.wsj.com/articles/silicon-valley-courts-a-wary-oil-patch-1532424600
Source and more info: https://gizmodo.com/how-google-microsoft-and-big-tech-are-automating-the-1832790799
#google #microsoft #BigTech #BigOil #Klimawandel
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
Forwarded from Sunny
📓🇬🇧 2019 Internet Security Threat Report
Take a deep dive into the latest cyber security trends.
The 2019 Internet Security Threat Report takes a deep dive into the latest trends in cyber security attacks, including ransomware, formjacking, and cloud security.
https://www.symantec.com/security-center/threat-report
#Internet #Security #Threat #Report
🇬🇧 Europe's path between surveillance, capitalism and communism
Data collection, social scoring and our privacy - our guest author sees two dominant systems here, namely surveillance capitalism and communism.
When I pause for a moment and try to summarize the last ten years of digital technology history in a few sentences, the following remains: There are two dominant systems.
One is the US system of Facebook and Google, which collects its users' data in order to generate revenue from its advertisers. The other is the Chinese social credit system, with the help of which state power rewards desired behavior and punishes unwanted behavior.
For the US system, Harvard professor Shoshana Zuboff coined the term "surveillance capitalism". The Chinese system could accordingly be characterized as "surveillance communism".
While the US system has already proven its worth over the past few years in the interests of Facebook and Google shareholders, the Chinese system has yet to face its baptism of fire. Various systems are currently being trialled in pilot regions and cities to test and optimize the algorithms. From 2020, a uniform social credit system is to be rolled out across the board as far as possible.
Those who pay their bills receive bonus points. Anyone who bad-mouths the government no longer has a chance with online dating. Of course, the details of China's social rating system send cold shivers down our spines. It seems all the more surprising to us that the majority of Chinese people are positive about social scoring and expect it to lead to a better society with more equal opportunities and less corruption.
History and habit
Why do we react so sensitively when state systems want to curtail our privacy? The first and spontaneous answer is simple: state surveillance is a horror to most of us, because stories or our own experiences of the Gestapo and the Nazi era, the Stasi and the GDR dictatorship are still very present in our personal or collective memory.
But there is, in my opinion, another deeper reason in our socialization. These are the values of humanism to which we in Europe have been committed for some 200 years and which form the foundation of the House of the European Union. The Charter of Fundamental Rights of the European Union celebrates human dignity, freedom, equality, solidarity, democracy and the rule of law. True to the spirit of humanism, the European Union places "the person at the centre of its action" and assures everyone "the right to the protection of personal data concerning them".
However, this right has also been continuously eroded in Germany in recent decades, for example by data retention or the Police Tasks Act (Polizeiaufgabengesetz), which were justified by the defence against terrorism and the fight against crime and always legitimised a more far-reaching invasion of privacy.
All the more serious is the question of why we are so recklessly throwing our convictions overboard and voluntarily and comprehensively feeding the data octopuses of Facebook and Google with our personal preferences. Possible, but not flattering, is the explanation provided by the Shiny Object Syndrome, which says that we are ultimately only slightly more advanced monkeys who throw their beliefs overboard at any time for a few glittering glass beads.
This thought also helps explain why the tech entrepreneurs in Silicon Valley always put their generally humanistic missions (Google: organizing the world's information and making it generally accessible and usable; Facebook: giving people the opportunity to form communities and bring the world closer together) on the back burner when it comes to continuously delighting their shareholders with new company and growth records - even if this sometimes means resorting to questionable or even unfair methods.
The European Way: Transparency and Open Source Code
Even though the wind is currently blowing violently from west and east, with the European Charter we Europeans have a clear compass that focuses on personal rights and the protection of users. We need Europe-wide regulations for the protection of consumers, such as the General Data Protection Regulation, that are backed by severe penalties. And we also need strong personalities in the future, such as Margrethe Vestager, the EU Commissioner for Competition, who also defends our rights against the tech giants from Silicon Valley.
To take our fate back into our own hands, however, we need a joint effort from the European Internet and software industry. The key to building new services that respect personal rights lies in the network protocols that were defined in the 1960s and 1970s and that still form the basis for network communication on the Internet today. The implementations of these protocols are free of charge and can be used by anyone, as they are usually licensed under an open source license. The fact that the human-written source code of the software is also publicly accessible ensures transparency, security and trust.
Is this pure fantasy given the market power of Silicon Valley and the network effect of its closed applications? By no means! For me, Europe's Internet, cable and telecommunications providers are crucial to the success of this idea. At the moment, they run the risk of becoming interchangeable suppliers that provide the Internet infrastructure - comparable to DHL, Hermes and UPS, which bring the Amazon packages to our homes.
Europe's Internet service providers sometimes have decades of relationships with more than 500 million customers and have all been surprised by the speed and power with which developments from Silicon Valley - especially the smartphone and its applications - have become an integral part of users' lives. There are first signs that they are slowly relinquishing their reverence for Silicon Valley and are beginning to take up the battle for the hearts and minds of customers with attractive services that respect the right to privacy and the protection of personal data.
Even if at the moment it looks as if Germany and Europe are hopelessly behind in the race for technological supremacy in the 21st century, a look at recent technological history can give us courage. At the beginning of the 20th century, Henry Ford also had a quasi-monopoly in the manufacture of automobiles through the consistent implementation of assembly line production. After all, a large number of other automobile manufacturers were able to challenge this position - even if it took a few decades.
Source and more info(🇩🇪): https://t3n.de/news/europas-weg-zwischen-kommunismus-1145492/
#europe #surveillance #capitalism #communism
🇩🇪 Europe's path between surveillance, capitalism and communism
Data collection, social scoring and our privacy - our guest author sees two dominant systems here, namely surveillance capitalism and surveillance communism.
When I pause for a moment and try to summarize the last ten years of digital technology history in a few sentences, the following remains: there are two dominant systems.
One is the US system of Facebook and Google, which collects its users' data in order to generate revenue from its advertising customers. The other is the Chinese social credit system, with the help of which state power rewards desired behavior and punishes undesired behavior.
For the US system, Harvard professor Shoshana Zuboff coined the term "surveillance capitalism". The Chinese system could accordingly be characterized as "surveillance communism".
While the US system has already proven itself for several years in the interests of Facebook's and Google's shareholders, the Chinese system has yet to face its baptism of fire. Various systems are currently being trialled in pilot regions and cities in order to test and optimize the algorithms. From 2020, a uniform social credit system is to be rolled out as widely as possible.
Those who pay their bills get bonus points. Those who bad-mouth the government no longer stand a chance at online dating. Naturally, the details of China's social rating system send cold shivers down our spines. It seems all the more surprising to us that the majority of Chinese people look forward to social scoring and expect it to bring a better society with more equal opportunities and less corruption.
History and habit
Why do we react so sensitively when state systems want to curtail our privacy? The first, spontaneous answer is simple: state surveillance is a horror to most of us because stories or our own experiences of the Gestapo and the Nazi era, the Stasi and the GDR dictatorship are still very present in our personal or collective memory.
But in my opinion there is another, deeper reason in our socialization. These are the values of humanism, to which we in Europe have felt committed for around 200 years and which form the foundation of the house of the European Union. All of this can be read in a few pages in the Charter of Fundamental Rights of the European Union, which celebrates human dignity, freedom, equality, solidarity, democracy and the rule of law. True to the spirit of humanism, the European Union places "the person at the centre of its action" and guarantees every person "the right to the protection of personal data concerning them".
However, in Germany too this right has been subject to continuous erosion over recent decades, for example through data retention or the Police Tasks Act (Polizeiaufgabengesetz), which were justified by counter-terrorism and the fight against crime and always legitimized a more far-reaching intrusion into privacy.
All the more serious is the question of why we throw our convictions overboard so recklessly and voluntarily and comprehensively feed the data octopuses of Facebook and Google with our personal preferences. Quite possible, and yet hardly flattering, is the explanation offered by the "Shiny Object Syndrome", which says that we are ultimately only slightly more evolved monkeys who throw their convictions overboard at any time for a few glittering glass beads.
This thought also helps explain why the tech entrepreneurs in Silicon Valley always put their generally humanistic missions (Google: organizing the world's information and making it generally accessible and usable; Facebook: giving people the opportunity to form communities and bring the world closer together) on the back burner when it comes to continuously delighting their shareholders with new company and growth records - even if this sometimes means resorting to questionable or even unfair methods.
The European way: transparency and open source code
Even though the wind is currently blowing fiercely from west and east, with the European Charter we Europeans have a clear compass that puts personal rights and the protection of users at the centre. We need Europe-wide rules for the protection of consumers, such as the General Data Protection Regulation, that are backed by severe penalties. And in the future we will continue to need strong personalities such as Margrethe Vestager, the EU Commissioner for Competition, who defends our rights against the tech giants from Silicon Valley as well.
To take our fate back into our own hands, however, a joint effort by the European Internet and software industry is needed. The key to building new services that respect personal rights lies in the network protocols that were defined in the 1960s and 1970s and that still form the basis for network communication on the Internet today. The implementations of these protocols are free of charge and usable by anyone, as they are usually released under an open source license. The fact that the human-written source code of the software is also publicly accessible ensures transparency, security and trust.
Is this pure fantasy given the market power of Silicon Valley and the network effect of its closed applications? By no means! For me, Europe's Internet, cable and telecommunications providers are crucial to the success of this idea. At the moment, they run the risk of becoming interchangeable suppliers that provide the Internet infrastructure - comparable to DHL, Hermes and UPS, which bring the Amazon packages to our homes.
Europe's Internet service providers have relationships, in some cases decades old, with more than 500 million customers, and were all surprised by the speed and force with which the developments from Silicon Valley - above all the smartphone and its applications - became an integral part of users' lives. There are first signs that they are slowly shedding their reverence for Silicon Valley and are turning to the battle for the hearts and minds of customers with attractive services that respect the right to privacy and the protection of personal data.
Even if at the moment it looks as if Germany and Europe are hopelessly behind in the race for technological supremacy in the 21st century, a look at recent technological history can give us courage. At the beginning of the 20th century, Henry Ford also had a quasi-monopoly in the manufacture of automobiles through the consistent implementation of assembly line production. After all, a large number of other automobile manufacturers were able to challenge him for this position - even if it took a few decades.
Source and further info (🇩🇪) at:
https://t3n.de/news/europas-weg-zwischen-kommunismus-1145492/
#Europa #Überwachung #Kapitalismus #Kommunismus
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
Forwarded from Sunny
Spectre is here to stay
An analysis of side-channels and speculative execution
PDF: https://arxiv.org/pdf/1902.05178.pdf
https://www.zdnet.de/88355057/exspectre-forscher-verstecken-malware-in-harmlosen-apps/
https://www.zdnet.com/article/researchers-hide-malware-in-benign-apps-with-the-help-of-speculative-execution/
🇬🇧 Social Engineering: protect the employee, not (only) the equipment!
Social engineering is actually nothing new: people manipulate other people. In connection with digitalization, however, this principle harbours entirely new dangers.
It seems like something out of a spy thriller: an individual employee is deliberately selected in order to get at company secrets through him or to cause damage to the IT infrastructure. The methods behind it go far beyond the usual spam mails. "Social engineering" is the collective term for all kinds of perfidious methods criminals use to gain access to company data. They have long since ceased to be pure hackers, which means they cannot be stopped by IT security measures alone. Companies have to secure not only their devices but also their employees.
Social engineering - hacking without a keyboard
The term social engineering is most easily translated as "social manipulation". Social engineering already existed in the 1980s. The technical possibilities have evolved since then, but the basic principle has not changed: human "weak points" such as stress and time pressure are exploited. If you call the right person at the right time, they often don't stop to think. This makes it more likely that the social engineer's assumed identity will not be verified, and the access data is quickly handed to the supposed system administrator. Then there is the factor of ignorance: a well-forged mail has already misled many.
Curiosity is also a driving factor. A competition on Facebook? People gladly sign up, simply using their profile, of course. And with that, social engineers have access to all kinds of useful information about the person, and can even hijack the entire profile.
Digitalization makes life easier: for social engineers, too
The social engineer's basic approach is to fake identities: he is the system administrator who has discovered a problem, the service provider who urgently needs to fix an error, the bank claiming that the account has been hacked.
The social engineer's methods are manifold. Trojans and viruses can be warded off by software and are therefore hardly worthwhile. Phishing, on the other hand, is more attractive; more perfidious and clearly more targeted is spear phishing: instead of a blind mass mailing, the attacker looks up a company's e-mail addresses on the net and poses as, for example, a service provider or system administrator. The content of the mail is an urgent request to log in in order to solve a problem. The account information is thus given away. This can then lead either to data theft or to blackmail: transfer amount x or you will not get the account back.
Similar to such phishing attacks is CEO fraud. Here the criminals pose as managing directors. A person with signing authority over an account is contacted and asked to make a transfer promptly, naturally with a reference to the urgency and a request for secrecy. As a result the damage is often discovered too late. According to the FBI, worldwide losses caused by CEO fraud amount to around 2.8 billion euros (as of 2016).
Another variant is the so-called account takeover. Again and again there are larger data leaks, most recently "Collection #1": millions of passwords ended up on the net. If a criminal gets hold of just one combination of password and e-mail address, there is quickly a problem: many users use the same password for different services. Basically, the engineer only has to try a few other (frequently used) sites and relatively quickly has access to various accounts of the hacked person, and can lock him out.
Door and gate are open - literally
Social engineers also operate in real life, and here the methods are definitely reminiscent of cyber-thrillers. Example USB drop: USB sticks are dropped on the ground in a parking lot (the engineer often knows who has parked where). The finder plugs the stick into the computer, whether to find out who it belongs to or out of simple curiosity. And just like that, malware can be installed.
So social engineers do not always use the net or the telephone; they do their research in plain detective fashion: the victim is shadowed, the Facebook profile analyzed and habits spied out. Often this also happens in personal contact: a conversation is struck up as if by chance and the target is questioned, with the engineer eagerly feigning interest. In many cases they are eloquent and empathetic, and the victim doesn't even notice what sensitive secrets he is revealing.
Some go further and gain access to buildings. If someone is just unlocking the door, the criminal follows behind, saying he has forgotten his key. The victim lets him in: it's probably true. And he avoids the confrontation and the question of whether the engineer even belongs to the company; (too) many take the path of least resistance. And social engineers are not even above digging through the garbage for information.
💡What to do against Social Engineering?
The dangers are numerous, but what can one do against social engineering? IT security solutions can only help to a limited extent; it is the person who must be protected.
💡Introduction of security guidelines and sensitization of employees
Employees must be thoroughly informed about the dangers of cybercrime. Every company needs policies: how can you protect yourself, and what is to be done in the event of a security breach? It is also best to talk within the company about the latest developments and threats, and to provide regular training, for example in the form of lectures. Most importantly, companies should make it clear to employees that they should speak up if they suspect something and need not be ashamed.
💡Eyes open when posting
It sounds paranoid, but the more detail you post about your daily routine, the more vulnerable you make yourself to social engineers. Example: someone always posts when he is working in a café. At some point a social engineer can turn up there too. And public Wi-Fi is dangerous: everyone logged on to the same Wi-Fi network can gain access to the others' computers.
💡... and links in social media
You see this example quite often in your own timeline: suddenly someone is advertising cheap sunglasses. Competitions or discount promotions can be targeted relatively easily at people with certain interests. When they click, they have to give an app permission to access their profile. And if the exact conditions are not read through, the whole account is suddenly taken over.
💡Password solutions
Technical solutions are now available to protect against account takeovers. They can be placed on the login forms of software solutions; they recognize whether a password has been used before and prevent it from being set again. In addition, you should of course get a solution such as One-Password or Keychain that generates and stores reliable passwords.
💡Software measures in case of an attack
Companies need measures for and against cyber attacks. If an attack occurs, it should be possible, for example, to automatically delete data from the target device in order to protect it.
💡Restrict usage rights
In addition, careful thought should be given to which employee gets which access rights. Does he really need access to all contracts, bank accounts or documents? In this way, social engineering attacks can be mitigated.
Conclusion
The great danger of social engineering lies in the fact that for the most part it cannot be prevented by IT methods. It requires a conscious approach to data and technology. It is not enough just to install updates regularly; employees' knowledge needs to be refreshed just as regularly.
Source and more info (🇩🇪): https://t3n.de/news/social-engineering-mitarbeiter-1146954/
#SocialEngineering #tip #protection #employee
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
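The CEO-fraud pattern described in the post above (a sender posing as a managing director, a transfer request, urgency and a request for secrecy) can be turned into a mail-triage check that holds such messages for call-back verification. This is an added example, not part of the original post; the company domain, executive names, keyword lists and sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Assumptions for this example (not from the article): company domain,
# executive names and keyword lists are placeholders to adapt locally.
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"anna becker", "jonas keller"}

URGENCY = re.compile(r"\b(urgent(ly)?|immediately|today|right away|asap|promptly)\b", re.I)
SECRECY = re.compile(
    r"\b(confidential(ly)?|secret|discreet(ly)?|keep this between us|"
    r"do not (tell|discuss|mention))\b", re.I)
PAYMENT = re.compile(r"\b(wire|transfer|payment|invoice|iban|bank details)\b", re.I)

# Constructed sample messages (reserved example domains, invented names).
SPOOFED_CEO = """\
From: "Anna Becker" <ceo@example.net>
Reply-To: anna.becker@example.org
To: accounting@example.com
Subject: Urgent transfer

I need you to make a wire transfer of 48,000 EUR today.
This is confidential, do not discuss it with anyone until the deal is closed.
"""

INTERNAL_REQUEST = """\
From: "Jonas Keller" <jonas.keller@example.com>
To: accounting@example.com
Subject: Quarterly numbers

Please send me the invoice overview for Q3 by Friday.
"""

VENDOR_INVOICE = """\
From: "Billing" <billing@example.org>
To: accounting@example.com
Subject: Invoice 1042

Attached is invoice 1042. Payment is due within 30 days.
"""


def _domain(address):
    return address.rpartition("@")[2].lower()


def analyze(raw_message):
    """Return the matched signals and whether the mail should be held."""
    msg = message_from_string(raw_message, policy=policy.default)
    display, from_addr = parseaddr(str(msg["From"] or ""))
    _, reply_addr = parseaddr(str(msg["Reply-To"] or ""))
    body = msg.get_body(preferencelist=("plain",))
    text = f"{msg['Subject'] or ''}\n{body.get_content() if body else ''}"

    signals = []
    # Identity signal 1: an executive's display name on an outside address.
    name = " ".join(display.lower().split())
    if name in EXECUTIVES and _domain(from_addr) != COMPANY_DOMAIN:
        signals.append("exec_display_name_external")
    # Identity signal 2: replies are steered to a different domain.
    if reply_addr and _domain(reply_addr) != _domain(from_addr):
        signals.append("reply_to_mismatch")
    # Content signals named in the article: urgency, secrecy, a transfer.
    for label, pattern in (("urgency", URGENCY), ("secrecy", SECRECY),
                           ("payment_request", PAYMENT)):
        if pattern.search(text):
            signals.append(label)

    identity = {"exec_display_name_external", "reply_to_mismatch"} & set(signals)
    pressure = {"urgency", "secrecy"} <= set(signals)
    # Hold only payment requests that also carry an identity or pressure signal,
    # so ordinary invoices are not flagged.
    hold = "payment_request" in signals and (bool(identity) or pressure)
    return {"signals": signals, "hold": hold}


if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED_CEO), ("internal", INTERNAL_REQUEST),
                       ("vendor", VENDOR_INVOICE)):
        print(label, analyze(raw))
```

A held message is a prompt to confirm the request over a known phone number, not a verdict; keyword lists like these need tuning against the organisation's own mail.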
🇩🇪 Social engineering: protect the employee, not (only) the equipment!
Social engineering is actually nothing new: people manipulate other people. In connection with digitalization, however, this principle harbours entirely new dangers.
It seems like something out of a spy thriller: an individual employee is deliberately selected in order to get at company secrets through him or to cause damage to the IT infrastructure. The methods behind it go far beyond the usual spam mails. "Social engineering" is the collective term for all kinds of perfidious methods criminals use to gain access to company data. They have long since ceased to be pure hackers, which means they cannot be stopped by IT security measures alone. Companies have to secure not only their devices but also their employees.
Social engineering - hacking without a keyboard
The term social engineering is most easily translated as "social manipulation". Social engineering already existed in the 1980s. The technical possibilities have evolved since then, but the basic principle has not changed: human "weak points" such as stress and time pressure are exploited. If you call the right person at the right time, they often don't stop to think. This makes it more likely that the social engineer's assumed identity will not be verified, and the access data is quickly handed to the supposed system administrator. Then there is the factor of ignorance: a well-forged mail has already misled many.
Curiosity is also a driving factor. A competition on Facebook? People gladly sign up, simply using their profile, of course. And with that, social engineers have access to all kinds of useful information about the person, and can even hijack the entire profile.
Digitalization makes life easier: for social engineers, too
The social engineer's basic approach is to fake identities: he is the system administrator who has discovered a problem, the service provider who urgently needs to fix an error, the bank claiming that the account has been hacked.
The social engineer's methods are manifold. Trojans and viruses can be warded off by software and are therefore hardly worthwhile. Phishing, on the other hand, is more attractive; more perfidious and clearly more targeted is spear phishing: instead of a blind mass mailing, the attacker looks up a company's e-mail addresses on the net and poses as, for example, a service provider or system administrator. The content of the mail is an urgent request to log in in order to solve a problem. The account information is thus given away. This can then lead either to data theft or to blackmail: transfer amount x or you will not get the account back.
Similar to such phishing attacks is CEO fraud. Here the criminals pose as managing directors. A person with signing authority over an account is contacted and asked to make a transfer promptly, naturally with a reference to the urgency and a request for secrecy. As a result the damage is often discovered too late. According to the FBI, worldwide losses caused by CEO fraud amount to around 2.8 billion euros (as of 2016).
Another variant is the so-called account takeover. Again and again there are larger data leaks, most recently "Collection #1": millions of passwords ended up on the net. If a criminal gets hold of just one combination of password and e-mail address, there is quickly a problem: many users use the same password for different services. Basically, the engineer only has to try a few other (frequently used) sites and relatively quickly has access to various accounts of the hacked person, and can lock him out.
Door and gate are open - literally
Social engineers also operate in real life, and here the methods are definitely reminiscent of cyber-thrillers. Example USB drop: USB sticks are dropped on the ground in a parking lot (the engineer often knows who has parked where). The finder plugs the stick into the computer, whether to find out who it belongs to or out of simple curiosity. And just like that, malware can be installed.
So social engineers do not always use the net or the telephone; they do their research in plain detective fashion: the victim is shadowed, the Facebook profile analyzed and habits spied out. Often this also happens in personal contact: a conversation is struck up as if by chance and the target is questioned, with the engineer eagerly feigning interest. In many cases they are eloquent and empathetic, and the victim doesn't even notice what sensitive secrets he is revealing.
Some go further and gain access to buildings. If someone is just unlocking the door, the criminal follows behind, saying he has forgotten his key. The victim lets him in: it's probably true. And he avoids the confrontation and the question of whether the engineer even belongs to the company; (too) many take the path of least resistance. And social engineers are not even above digging through the garbage for information.
💡What to do against social engineering?
The dangers are numerous, but what can one do against social engineering? IT security solutions can only help to a limited extent; it is the person who must be protected.
💡Introduce security guidelines and raise employee awareness
Employees must be thoroughly informed about the dangers of cybercrime. Every company needs policies: how can you protect yourself, and what is to be done in the event of a security breach? It is also best to talk within the company about the latest developments and threats, and to provide regular training, for example in the form of lectures. Most importantly, companies should make it clear to employees that they should speak up if they suspect something and need not be ashamed.
💡Eyes open when posting
It sounds paranoid, but the more detail you post about your daily routine, the more vulnerable you make yourself to social engineers. Example: someone always posts when he is working in a café. At some point a social engineer can turn up there too. And public Wi-Fi is dangerous: everyone logged on to the same Wi-Fi network can gain access to the others' computers.
💡... and with links in social media
You see this example quite often in your own timeline: suddenly someone is advertising cheap sunglasses. Competitions or discount promotions can be targeted relatively easily at people with certain interests. When they click, they have to give an app permission to access their profile. And if the exact conditions are not read through, the whole account is suddenly taken over.
💡Password solutions
Technical solutions are now available to protect against account takeovers. They can be placed on the login forms of software solutions; they recognize whether a password has been used before and prevent it from being set again. In addition, you should of course get a solution such as One-Password or Keychain that generates and stores reliable passwords.
💡Software measures in case of an attack
Companies need measures for and against cyber attacks. If an attack occurs, it should be possible, for example, to automatically delete data from the target device in order to protect it.
💡Restrict usage rights
In addition, careful thought should be given to which employee gets which access rights. Does he really need access to all contracts, bank accounts or documents? In this way, social engineering attacks can be mitigated.
Conclusion
The great danger of social engineering lies in the fact that for the most part it cannot be prevented by IT methods. It requires a conscious approach to data and technology. It is not enough just to install updates regularly; employees' knowledge needs to be refreshed just as regularly.
#SocialEngineering #Tipp #Sicherheit #Mitarbeiter
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
Source and more info (🇩🇪): https://t3n.de/news/social-engineering-mitarbeiter-1146954/
🇪🇸 IBM: one in five cyberattacks targets financial institutions.
According to an analysis published by IBM, the financial industry is the victim of 19% of cyberattacks worldwide. This means that one in five attacks on the confidentiality, integrity and availability of information is directed against the financial system.
In second place is the transportation industry, with 13%, which includes air transport, buses, railways and maritime transport. Professional services firms rank third on the list of industries that receive the most cyberattacks, with 12%, while retail and manufacturing companies have 11%.
According to the IBM report, a third (29%) of the attacks analysed by the company are linked to compromises via phishing emails, that is, emails that seek to trick the user into clicking a link and thereby gain access to their computer or even the network.
"Of these, 45% involved business email compromise (BEC) scams, also known as 'CEO fraud' or whaling attacks. When it comes to the most lucrative types of social engineering scams, BEC has been a rising tide for several years, spanning all industries and geographies. BEC scams purport to originate from an owner or CEO or a high-ranking employee. They are sent to those who control the company's bank accounts with instructions to make a confidential wire transfer," the report states.
"Many phishing attacks are still aimed at corporate emails. Although there is phishing against personal emails, we see significant growth of this practice aimed at company emails, which are also very sophisticated," said Carrillo.
IBM highlighted in its report that almost a third (30%) of the vulnerabilities documented by its researchers and disclosed over the last three decades were reported in the last three years. This represents more than 42,000 vulnerabilities, and half (50%) of the attacks recorded in 2018 were attacks never seen before.
IBM's analysis is the result of monitoring data from 70 billion security events per day in more than 130 countries, together with data derived from assets outside its customer base, such as spam sensors and networks. "X-Force researchers also run spam traps around the world and monitor tens of millions of spam and phishing attacks daily, analysing billions of web pages and images to detect fraudulent activity and brand abuse in order to protect our customers," the company noted.
The mobile platform is an increasing target for nation states to observe key individuals. Threat actors against mobile platforms are broader groups than those simply looking to boost ad revenues.
https://www.mcafee.com/enterprise/en-us/assets/reports/rp-mobile-threat-report-2019.pdf
#malware #backdoor #handy #android #threat #report
PDF: "Mobile Malware Continues to Increase in Complexity and Scope", McAfee Mobile Threat Report Q1, 2019: https://www.mcafee.com/enterprise/en-us/assets/reports/rp-mobile-threat-report-2019.pdf
🇬🇧 How Brexit is changing the Internet
The outcome of the Brexit vote has left deep marks on British society. The decision is also likely to have lasting consequences for the Internet, as disinformation and manipulation of opinion are not confined to the offline world. The British parliament is now demanding consequences for Facebook & Co. - and could thus become a worldwide model for similar laws.
Soon the UK will not only cut itself off from Europe and the rest of the world when Brexit (perhaps) takes place in a few weeks' time. The island could also play a pioneering role in platform regulation, the British government says, following the far-reaching recommendations of a parliamentary committee. This could further isolate the country, which is not particularly critical of mass surveillance, pre-installed porn filters or state trojans - or set an example for other countries, for better or for worse.
Parliament's demands are tough. They reflect large parts of the current debate and show concrete ways in which democratic societies should deal with dominant social networks, algorithmic black boxes and the manipulation of users or even of entire ballots: providers like Facebook could in future be held liable for "harmful content" posted by users; they should disclose their security mechanisms and algorithms to regulators; information derived from raw data should be protected as much as personal data; and overly powerful IT corporations could even be broken up if they develop into a monopoly.
Powder keg Brexit
These proposals, presented last week, do not come out of nowhere. In fact, they are inextricably linked to the very close outcome of the referendum on British withdrawal from the EU. This involved massive disinformation, dark money flows and opaque cliques, both offline and online - especially in the camp of Brexit supporters. Many therefore fundamentally doubt the legitimacy of the referendum result. In order to get to the bottom of these accusations, the British House of Commons finally set up its own commission.
For 18 months, members of the Committee on Digital Affairs, Culture, the Media and Sport scrutinised the toxic ecosystem of disinformation, opinion manipulation, election influence and data misuse. The investigation became newly explosive after the data scandal around Facebook and Cambridge Analytica became known. Sensational statements by whistleblower Christopher Wylie revealed questionable links between the EU exit campaign and data analysis companies, which ranged from Putin's Russia to Donald Trump's US presidential campaign. The result is a paper of more than 100 pages with tangible demands on Prime Minister Theresa May. In terms of content, it largely coincides with the interim report on which we reported in detail last summer.
Whether the Conservative government will implement the proposals of the majority of the likewise Conservative MPs is written in the stars - if only because it is hopelessly overwhelmed by the approaching Brexit and this will probably remain so for the foreseeable future. And also because leading Brexit advocates such as Michael Gove or Stephen Parkinson now hold high government offices. Both played an important role in the "Vote Leave" campaign. This campaign had commissioned the Canadian data company AggregateIQ (AIQ) to address voters in a targeted manner using micro-targeting - with information about the respective people, extracted from Facebook and cast into profiles. Because all of this ranged from partly to entirely illegal, Facebook has since suspended the company, which has opaque ties to Cambridge Analytica parent SCL Group. But by then the damage had long been done.
"Frontal attack on the Internet" lives on
However, at least a partial implementation of the committee's recommendations is not completely out of the question, even though former British deputy prime minister Nick Clegg, an intimate expert on British domestic policy, has meanwhile been appointed Facebook's chief lobbyist. The Conservatives, for example, entered the last election with a manifesto that could be described as a "frontal attack on the Internet". In this manifesto, the ultimately victorious Tories demanded, among other things, that "harmful content" be swept off the net in order to make the United Kingdom the "safest place online". "Harmful content" can, of course, be anything from a nipple to a decapitation video.
The proposal to extend this deletion approach to "terrorist propaganda" on the Internet, for example, succeeded at the European level. The explosive draft regulation, which could noticeably restrict freedom of opinion and information on the Internet, is currently being negotiated by the EU Parliament - under the leadership of a British Conservative, of all people.
Now it would be unfair to blame the UK alone for the EU bill. After all, the plan received energetic support from Germany and France. And it is precisely the relatively new legal regulations of these two countries - the first attempts to hold platforms to account - that the parliamentary report refers to, namely the German Network Enforcement Act (NetzDG) and the French law against disinformation during election campaigns.
In particular, the NetzDG is said to have led providers such as Facebook to go beyond lip service: "As a result of this law, one of six Facebook moderators now works in Germany," the report says. This, it argues, is proof that such laws, combined with high fines for possible violations, work.
Social networks are not "neutral" mediators
But the British MPs do not want to stop there and demand that their government get down to business. Facebook, Twitter & Co. should no longer hide behind the pretence that they are merely neutral platforms in order to avoid liability. Instead, there needs to be a new category for such IT companies, somewhere between "platform" and "publisher". "This approach would ensure that tech companies take legal responsibility for harmful content posted by users," write the MPs.
In other words, platforms would have to filter, detect, evaluate and, if necessary, delete all content, or mark it accordingly, e.g. as political advertising. A binding code of ethics and, ultimately, a legal regulation should enforce this, the MPs demand.
In principle, these proposals are not wrong. At the latest since Facebook, YouTube & Co. began to algorithmically evaluate the content on their platforms, to treat it differently and to push particularly exciting content to the top in order to maximise profits, regardless of its truth or usefulness, the fairy tale of the "neutral provider" can no longer be sustained.
But as so often, the devil is in the detail, because a legal regulation must have a solid legal basis and must not shift the responsibility for decisions that restrict fundamental rights onto the corporations themselves - even if the politicians responsible claim otherwise.
Deleting what is undesirable
Most of the criticism of the NetzDG and the planned EU anti-terrorism regulation revolves around the ever-increasing privatisation of law enforcement in the digital arena. Bypassing the democratic constitutional state, a parallel legal system is increasingly establishing itself, based on private, constantly changing general terms and conditions, community guidelines or other commercially oriented rules. Moreover, what gets removed is not necessarily what is actually illegal, but what is undesirable on the respective platform.
Coupled with the fact that the modern digital public sphere and opinion-forming now take place on only a handful of platforms - a market that tends to form monopolies - and that many politicians, against their better judgement, profess their faith in technology, there is a threat of arbitrary restrictions on freedom of opinion and information. Calls for the regulation of social networks sound good, but often remain remarkably vague when it comes to concrete implementation.
Damian Collins, chairman of the committee, referred, in remarks to the Guardian, to the German and French approaches as a way to get the algorithmically amplified problems of hate speech and disinformation under control. At the same time, however, Collins made it clear who he expected to come up with which solution: social networks "could invest more to deal with [hate speech and disinformation] and proactively recognize these contents themselves," Collins said. This is a proposed solution that is also found in the EU's anti-terrorism regulation, but it places too much trust in automated filter systems supported by artificial intelligence.
Despite all the well-meaning declarations of intent, at the end of the day Facebook would once again decide for itself. In their report, the MPs say: "Companies like Facebook should not be allowed to behave like 'digital gangsters' in the online world and to believe that they are above the law."
#brexit #internet #eu #england #SocialNetworks #FreeSpeach #disinformation #responsibility #Netzpolitik
Source and more info at: https://netzpolitik.org/2019/wie-der-brexit-das-internet-veraendert/
Android without Google: Take back control! (Part 1)
1. Android without the data octopus
The article series "Your phone your data" from 2014 has played a major role in the success story of this blog. Many thousands of people wanted to learn how to get rid of Google and regain control of their Android device.
After five years, it is time for a new edition of the article series. Much has changed, partly for the better, partly for the worse. The article series "Take back control!" also requires a lot of patience and the willingness to say goodbye to one's own comfort - and of course also to the indoctrination of the manufacturers.
The ambitious goal of the article series "Take back control!" can be summarized in one sentence: You as a user should regain control over your Android device and your data. Step by step I will lead you towards this goal. Because there must finally be an end to proprietary apps and (Google) services that merely give us the illusion of independence and self-determination over our data.
2. Google has long been evil
Directly after switching on our Android device, we are asked to create a Google account or to link an existing one to the device. We are pushed into the cloud and are told not to worry about our data, but rather to trust the providers, or Google, "blindly". In return, so to speak, we receive a perfectly coordinated ecosystem that can hardly be surpassed in simplicity and convenience, but also in perfidy.
Google's strategy of conquering the market with user-friendly products and services has therefore paid off. Success proves them right. But with this success story, the price paid by the actual users must always be kept in mind. They pay, and they pay with the data they "produce". However, they are not aware of this "paying with data" because they lack the transparency to see what is actually happening "behind their backs" when they use their smartphones.
Google is like a junkie, constantly on the lookout for new data sources that allow its already accumulated treasure trove of data to keep growing. Google wants to know everything. In an interview with James Bennet, supervisory board chairman Eric Schmidt said:
"With your permission you give us more information about you, about your friends, and we can improve the quality of our searches. We don't need you to type at all. We know where you are. We know where you've been. We can more or less know what you're thinking about."
This remark, made back in 2010, is now more relevant than ever. Android and other Google products and services are perfectly interlocking gears that give users an illusion of control over their data. Google relies on dark patterns or nudging to hide data protection settings, to mislead users, or to use misleading wording to keep them from protecting their privacy.
2.1 The bitter reality and small rays of hope
In 2019, the market dominance of Android is overwhelming. Over the past three years, Android's market share in the smartphone segment has continuously exceeded 85% - one could also say that Google's mobile operating system Android dominates the market like no other. Only iOS still plays a role and takes some market share from Android.
The market dominance of Android is enormous and stifles almost every new development. It is therefore not surprising that alternative mobile operating systems like Sailfish OS or Ubuntu Touch are hardly noticed by the market and disappear from it as quickly as they were introduced.
This market dominance of Google inevitably arouses a feeling of helplessness. Or, if we think further: without alternatives, helplessness would inevitably end in resignation. But there is hope. Over the last few years, various alternatives to Google services have emerged. Projects like Nextcloud, OpenStreetMap, mailbox.org and others are not only a glimmer of hope, but offer a real way out of Google's ecosystem. If you would like to get to know them, we recommend the article "Bye Data Octopus: A Life Without Google".
In the following, we will deal specifically with Android and what alternatives and possibilities we have to free ourselves not only from Google's tentacles, but how we can achieve an overall self-determined handling of our data on the smartphone.
3 What we can achieve
Before we regain control of our android, a problem of the smartphone world should not go unmentioned: The lack of verifiability or transparency of proprietary hardware chips (e.g. basebands). Even if we only use open source software on a smartphone, the trustworthiness is directly influenced by the underlying hardware. However, this consideration leads too far in the context of the series of articles, since this is particularly relevant if a (state) secret service wants to gain access. But the combination of open source software and (semi-)open or proprietary hardware will at least protect us from the ubiquitous data krakens like Google and Co.
That's why I don't want to leave out the obligatory note and make it unmistakably clear: The project "Take back control!" does not protect against targeted surveillance by secret services or other organizations that have "targeted" you.
Regardless of these "restrictions", we want to achieve the following with our project:
✅ Complete control over your own data
✅ Independent and self-determined use of the device
✅ The decoupling from the Google eco-system
✅ The exit from the advertising machinery of the manufacturers
✅ Protection against advertising profiling
Ultimately, our ambitious goal must be to regain dominion and control over our data - even if a "blind spot" always remains. As soon as you exchange data with other people, be it via e-mail or messenger, there is simply no guarantee that the transmitted data will be treated sensitively by the recipient, that it will not end up in the Microsoft cloud immediately upon receipt, or that the contact data will not be synchronized via a Google account.
Ultimately this means that even if you handle your data responsibly and only use services and software that keep you in control, you are always exposed to external influences. However, this should not diminish our goal, but make us aware that the protection of our own data sovereignty depends on various factors.
4 The components
Our ambitious goal of a "free Android" can only be achieved if we include all necessary components and combine them into a whole. Only their interaction as a "whole" allows us to regain our independence and data control. In my opinion, the following components are necessary for this:
Operating system:
The central software component of our Android is the free operating system LineageOS. This Android variant is available for many smartphones, is continuously developed by an active community and does not contain any Google apps. For the article series "Take back control!" I chose the BQ Aquaris X Pro in advance. With this device I will describe the unlock process and the installation of LineageOS. Of course you can follow the article series even if you don't have a BQ Aquaris X (Pro).
App Store:
Many users only know the Google Play Store as a source for new apps. As an alternative, our project will use F-Droid, where only "free" and "open source" apps are offered for download. If you want to get apps from the Google Play Store later, you can use alternatives like the Yalp Store.
Apps:
We will only use free and open source apps from F-Droid. The FOSS apps available there will be of particular benefit to critical users who value apps that come without trackers and handle the data entered into them carefully.
Services:
We will only become independent of Google's ecosystem if we also say goodbye to Google on other levels or services. For example, alternative services for e-mails, Google Maps, etc. must be used.
Tools:
We get additional control over Android with tools like AFWall+, Magisk or XPrivacyLua - the latter is only necessary if you don't want to or can't do without apps from the Google Play Store.
Correct settings:
The installation of LineageOS alone is not enough. Only the activation of the device encryption and a sufficiently long unlock PIN will protect your data from physical attackers. In short: the system settings also play a role, because LineageOS, too, comes with critical default settings.
Common sense:
Technology alone cannot protect you from Google's data collection frenzy. Common sense is also needed to make all the above components work.
⚠️ In the coming parts of the article series I will deal in detail with the components only briefly introduced here. You should be aware that switching to an alternative system (LineageOS) does not necessarily protect you from the unwanted outflow of sensitive data. It requires further adjustments and the correct use of the tools linked above. Please keep this in mind if you want to use tools like AFWall+ before they are described in detail in further parts of the article series.
5 Conclusion
The road to more control over the Android device and your own data is rocky. It's often not easy to dare to break out of the Google eco-system by letting go of the convenience you've grown fond of and trained yourself into.
Whether the individual will ultimately succeed in regaining a (large) piece of informational self-determination depends solely on the individual's willingness to learn and take on personal responsibility. The inner pig will be your biggest enemy.
Source and more info / read in German (🇩🇪) at: https://www.kuketz-blog.de/android-ohne-google-take-back-control-teil1/
#android #NoGoogle #guide #part1 #kuketz
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
🎧🇬🇧 Drugs as Weapons Against Us
Porkins Policy Radio episode 175 John Potash
Writer and filmmaker John Potash joined me to discuss his latest documentary Drugs As Weapons Against Us. We talked about the main thesis behind the film and the original book. We discussed the CIA’s involvement in the LSD movement in the 1960s with groups like The Brotherhood of Eternal Love and the Mellon Hitchcock family.
📻 Web player: http://podplayer.net/?id=64489847
http://JohnPotash.com
#drugs #weapons #CIA #Podcast
📡 @NoGoolag
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES