SHA-1 broken

It seems that a team around Google has produced the first SHA-1 collision: two completely different documents with identical SHA-1 checksums.

At present, the attack took about nearly 7000 years of single-CPU and GPU calculation (12 million GPU years) – but we saw similarly high costs for the first attack on PPTP. As we all know, in 2012 it took only 23 hours to attack PPTP thanks to faster computing power. Within a few more years of development, a SHA-1 attack might work in similar timeframes.

http://shattered.io/

https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html

Flaw in Intel C2000 Chipset series

OK, we have all heard or read that there is a flaw in a series of Intel’s Avoton CPUs. Currently, it seems the only “official” statement is the following quote from The Register:

The well-placed insider, who spoke to The Register on condition of anonymity, said the problem – which results in bricked systems – became apparent to engineers at product makers when the return rate on gear spiked about 18 months ago.

We have a “well-placed insider” who wants to remain anonymous, and based on this everyone starts to blame the hardware vendors that have this chip installed? It seems the only official statement at this time from Intel – the guys who produce the CPU itself – is the following:

“AVR54: System May Experience Inability to Boot or May Cease Operation” … “The SoC LPC_CLKOUT0 and/or LPC_CLKOUT1 signals (Low Pin Count bus clock outputs) may stop functioning.”

http://www.intel.com/content/dam/www/public/us/en/documents/specification-updates/atom-c2000-family-spec-update.pdf

In my experience, ANY computer-related product may stop functioning without any further warning. According to Intel, the C2000 series seems to have a slightly higher probability of doing so.

Let’s face the truth – those devices out there have been running for more than 18 months. Most of them did not fail, otherwise we would have already read about “All units of Series xxx of company yyy are dying after short time of usage” in the usual news.

JDownloader on Synology DSM

This was the day. I wanted to check my overnight downloads, and connecting to my DS916+ took ages. Luckily I had SSH open, so I logged in and checked the processes.

Wow – a load average of 58, which seemed to be related to a running VirtualDSM process. OK, as a quick fix, I shut everything down. After the load was stable again, I powered things back on one after the other.

First I tried to check my JDownloader virtual instance – no login available? Tried SSH – login OK. dmesg? Lots of terminated processes. df -h? Aha!

Filesystem     1K-blocks    Used Available Use% Mounted on
/dev/sda1        1998672 1982288         0 100% /
none              507380       0    507380   0% /dev
/tmp              511816    1036    510780   1% /tmp
/run              511816    1568    510248   1% /run

OK, thanks to the guys who created an unofficial JDownloader app – but hey guys, why do you allow the default logs to fill up the system partition?

My fast long-term solution:

rm /var/log/JDownloader.log

ln -sf /dev/null /var/log/JDownloader.log

This will redirect all new JDownloader logs to /dev/null, keeping my system partition stable.
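
A check for the situation described above, as an added example that is not part of the original post: it flags full filesystems in df output (the embedded sample is the output quoted above), lists oversized files under a log directory, and confirms whether a log path is symlinked to /dev/null. The function names and the thresholds are assumptions.

```shell
#!/bin/sh
# Constructed sample: the df output quoted in the post above.
sample_df() {
cat <<'EOF'
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/sda1 1998672 1982288 0 100% /
none 507380 0 507380 0% /dev
/tmp 511816 1036 510780 1% /tmp
/run 511816 1568 510248 1% /run
EOF
}

# full_filesystems LIMIT: read df output on stdin and print "mount use%"
# for every filesystem whose Use% is at or above LIMIT.
full_filesystems() {
    awk -v limit="$1" '
        NR == 1 { next }                      # skip the header row
        NF >= 6 {
            pct = $5
            sub(/%$/, "", pct)                # "100%" -> "100"
            if (pct + 0 >= limit + 0) print $6, pct "%"
        }'
}

# oversized_files DIR KIB: list regular files under DIR (same filesystem
# only) whose size exceeds KIB kibibytes, e.g. a runaway application log.
oversized_files() {
    find "$1" -xdev -type f -size +"$(( $2 * 1024 ))c"
}

# log_is_discarded PATH: succeed if PATH is a symlink to /dev/null,
# i.e. the workaround from the post is still in place.
log_is_discarded() {
    [ -L "$1" ] && [ "$(readlink "$1")" = "/dev/null" ]
}

# Example run against the live system (paths from the post):
#   df -P | full_filesystems 90
#   oversized_files /var/log 102400
#   log_is_discarded /var/log/JDownloader.log && echo "log goes to /dev/null"
```

Run from cron, the first two checks catch a filling system partition before logins start to fail; the third shows whether a package update has replaced the symlink with a real file again.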

Moving from HMA to IPVanish

Like some of you out there, I use VPN software from time to time to hide my original identity when browsing the net. One of the main reasons is the high level of censorship here in Germany, and the lawyers waiting to sue you after you accidentally visit a “wrong” site.

Previously I used HMA – “Hide my Ass” for my privacy. They offer a simple UI, Android client, lots of servers worldwide and they also provide a manual about how to setup your Synology NAS to work with HMA.

Also, when you just search for “good VPN provider”, they are near the top of the list. So, that was my reason at the time.

I guess I took the too-easy way, and I must admit that I did not check any details when I started to use them. After some time I read some bad news.

https://vpn.hidemyass.com/vpncontrol/privacy.html

Your IP address is logged by us so that we can prevent any spam, fraud or abuse of our Site and our services. We may store this data for up to two years, unless we are required, for legal reasons or under exceptional circumstances, to retain this data for an extended period.

And yes, HMA is able to track down the IP address of any connection to any user (found on Reddit; the original post embedded an image hosted on imgur.com).

After this, I cancelled my account immediately and searched for another VPN provider. My current favourite is IPVanish, which offers similar services but no trackable logging. They do not offer a detailed setup guide, but it was simple to configure my Synology NAS to use IPVanish as well.

Reopening soon

After a few years of absence I decided to reboot this blog shortly. The main reason is that it’s now located on a private server and got an SSL certificate thanks to the Let’s Encrypt project.

As you might have noticed, the language will focus more on English, to be able to reach even more people out there. Eventually I will archive the old blog soon, to make a visible split between the history of 2013 and earlier, and the time starting now.

Besides that, the main topics will stay the same. So expect more “Just Stuff” coming soon.

Earthquakes caused by fracking

According to a study, fracking, which is currently banned here, may be to blame for a series of smaller earthquakes in the US state of Texas.

There is also a high probability that a comparable technique was the cause of the severe earthquake in Oklahoma in 2011.

http://mobile.bloomberg.com/news/2013-08-27/texas-earthquakes-linked-to-oil-extraction-by-fracking.html

Finally awake? Trusted Computing: German government warns against Windows 8 | ZEIT ONLINE

Apparently the media and the government have finally woken up from their sleep. The warnings are more than ridiculous, though: many open source advocates warned about exactly this, and did so several years ago.

http://www.zeit.de/digital/datenschutz/2013-08/trusted-computing-microsoft-windows-8-nsa

Login problem with Hangouts on Android

For a few days I had the problem that, after reinstalling Hangouts, I could no longer sign in to Google. “A problem occurred while signing in”, or something like that, was the message. Google of course had the typical tips for clueless Windows users: “Try this and that, and if that does not work, reinstall everything”.

I then found the solution on the following page.

http://webtrickz.com/fix-google-hangouts-error-couldnt-sign-in-on-android/

So: uninstall Google Play Services in the app management and start Hangouts. It then appears to sign in and afterwards asks you to install Google Play Services. After that the connection is established cleanly and Hangouts runs flawlessly again.

Visa and MasterCard banning VPN?

I am just reading on Twitter that Visa and MC supposedly no longer allow payments to free VPN providers under their general terms of use. If that is true, the two largest credit card providers are no longer permitting a simple means of encryption or anonymisation. In the wake of Prism, one could assume that this happened under pressure from the US government.

Anonymous (@YourAnonNews) tweeted at 4:40 AM on Thu, Jul 04, 2013:
.@MasterCard & @Visa Start To Ban VPN Providers http://t.co/snemfZk0jh This is nothing less than an extrajudicial fascist assault on privacy
(https://twitter.com/YourAnonNews/status/352617963846770688)

Google Glass – what for?

A few weeks ago Google shipped its Glass to selected developers and testers. Many of the people I told about it came straight back with the question “And what do you need that for?” or, even worse, “That is only something for a few freaks or for very specific fields.” A video has recently appeared on YouTube that shows the possibilities of Glass in everyday life very nicely.

If you don't find it here – you'll find it somewhere else.