Nitrokey partners with Gentoo Foundation to equip developers with USB keys

The Gentoo Foundation has partnered with Nitrokey to equip all Gentoo developers with free Nitrokey Pro 2 devices. Gentoo developers will use the Nitrokey devices to store cryptographic keys for signing of git commits and software packages, GnuPG keys, and SSH accounts.

Thanks to the Gentoo Foundation and Nitrokey’s discount, each Gentoo developer is eligible to receive one free Nitrokey Pro 2. To receive their Nitrokey, developers will need to register with their email address at the dedicated order form.

Full article


UK train passengers offered smart tickets

According to the BBC, more UK train passengers will have the option to use paperless tickets.

From a privacy perspective, it is very important that you can buy these tickets with cash and without any registration. If not, please remember that stored information not only can be hacked but for sure will be.

There is no reason for a public transportation company to know who is traveling; the only thing you have to prove is that your ticket is paid.

In case you say something like "I have nothing to hide" and therefore accept being registered, please remember that history will repeat itself. Who could in the 1880s imagine what would happen in Germany 50 years later? Who could think that it would be life-threatening to say that you were Jewish?

Please remember that privacy and integrity is a human right according to the UN!


Mysterious Hackers Hid Their Swiss Army Spyware for 5 Years


It’s not every day that security researchers discover a new state-sponsored hacking group. Even rarer is the emergence of one whose spyware has 80 distinct components, capable of strange and unique cyberespionage tricks—and who’s kept those tricks under wraps for more than five years.

In a talk at the Kaspersky Security Analyst Summit in Singapore Wednesday, Kaspersky security researcher Alexey Shulmin revealed the security firm’s discovery of a new spyware framework—an adaptable, modular piece of software with a range of plugins for distinct espionage tasks—that it’s calling TajMahal. The TajMahal framework’s 80 modules, Shulmin says, comprise not only the typical keylogging and screengrabbing features of spyware, but also never-before-seen and obscure tricks. It can intercept documents in a printer queue, and keep track of “files of interest,” automatically stealing them if a USB drive is inserted into the infected machine. And that unique spyware toolkit, Kaspersky says, bears none of the fingerprints of any known nation-state hacker group.

Full article


Best VPN?

We’ve just found another web site putting a Best VPN 2019 label on a VPN service. The new thing about this site is that they even mention “Best alternatives to Mullvad VPN”.

Affiliate Programs

When you visit one of the many sites that recommend which VPN service to use, please consider why the site recommends one service or another.

Many VPN services offer so-called affiliate programs, meaning they pay a kickback to companies selling their services.

Money talks?

Could it be that money talks when a site gives a recommendation? We expect a recommendation to rest on technical and integrity aspects, but we can't be sure, can we?

News sites

Even serious(?) news sites use those Best VPN sites when they publish articles about what VPN service to use.


We strongly recommend Mullvad VPN. On their site they publish their privacy policy.


Do you dare to use Facebook?

According to an article at Facebook has done it again!

The normal way to verify an e-mail address is to receive a mail with either a link or a code in your inbox. By clicking the link in the mail or by copying and pasting the code, you get your e-mail address verified.

Facebook has had a page where they asked for the password to your e-mail account.

This is, as you might have guessed, a very big no-no!

Will you ever trust Facebook from now on?


New Apache Web Server Bug Threatens Security of Shared Web Hosts

The Hacker News

Mark J Cox, one of the founding members of the Apache Software Foundation and the OpenSSL project, today posted a tweet warning users about a recently discovered important flaw in Apache HTTP Server software.

The Apache web server is one of the most popular, widely used open-source web servers in the world that powers almost 40 percent of the whole Internet.

The vulnerability, identified as CVE-2019-0211, was discovered by Charles Fol, a security engineer at Ambionics Security firm, and patched by the Apache developers in the latest version 2.4.39 of its software released today.

The flaw affects Apache HTTP Server versions 2.4.17 through 2.4.38 and could allow any less-privileged user to execute arbitrary code with root privileges on the targeted server.

Full article


Is it over with satire now?

Perhaps you have heard that the EU decision on Article 11 and Article 13 means that satire on the Internet is over.

We have higher thoughts about internet users. The filters that Google, Facebook and other actors will be forced to use will of course be circumvented.

Imagine how good it would be if the EU had not agreed to the two articles. At the same time, you have to respect those who want to publish their works under copyright instead of making them freely available for everyone to use. No, Article 11 and Article 13 are not optimal for free speech.


Mark Zuckerberg asks for new rules

In The Washington Post, Mark Zuckerberg says that the Internet needs new regulation in four areas: harmful content, election integrity, privacy and data portability.

…effective privacy and data protection needs a globally harmonized framework.

Mark Zuckerberg

Mr Zuckerberg also says that “it would be good for the Internet if more countries adopted regulation such as GDPR as a common framework”. We agree with this.

What is also very important is that governmental agencies shouldn’t be allowed to force companies to store information about their citizens. We understand that information about individuals, including metadata, is in some cases important for agencies to have access to, but as of now companies in many countries have to store data in case the agencies later need it.

We ask for rules that make it mandatory for telephone operators, ISPs etc. to immediately start collecting information about a specific phone number or IP address after a court order. Until the police and other agencies have a court order, the rest of us should be treated as innocent!