
elstel.org

by Elmar Stellnberger

a̅tea v0.8.2 / gpg key of elstel.org stolen

Category: programs, Source: SecuritySW, Language: en, Type: update.

A̅tea has been tested for verifying an XMPP/Jabber certificate. It turned out that --show-cert/--faaite-cert was not correctly implemented for non-RSA certificates: parse_pubkey tried to free a structure that had never been allocated. The certificate serial is now printed not only as hex but also as decimal, as the Gajim messenger displays it. free_pubkey has been added to avoid a memory leak on certificate printout/display.

Today I have also noticed that my gpg-card used to sign the SHA512SUMS file has likely been stolen. If you have read point 6 of the epilogue of my master's thesis, as suggested in my previous RSS message, then you already know that encrypting or signing with gpg adds no security in the case of messages from/to elstel.org. I have still published a revocation for the key.




Pegasus: Morocco spied on Emmanuel Macron — Compromised Hardware

Category: general, Source: info, Language: en, Type: new.

It is a scandal that is second to none: Morocco is reported to have spied on the mobile phone of French President Emmanuel Macron and some of his ministers, including Foreign Minister Jean-Yves Le Drian and the former head of government Édouard Philippe, using the surveillance software Pegasus from the Israeli company NSO Group. It is known that the President uses his cell phone to give instructions to his staff and ministers at any time of the day or night. Where do we go when a banana republic is given the tools to spy on the French state? The wiretapping of Angela Merkel's cell phone by the NSA was already a sufficient scandal. Morocco denies it, but the newspaper “Le Monde” gives us precise technical explanations for the claim.

Ultimately, we are all insecure, and will remain so, as long as we allow our secret services to spend huge sums on the black market for security vulnerabilities. This also pays free software developers to build in security flaws instead of encouraging them to avoid them. In connection with DANE, we reported on a bug report for the Firefox browser that suggests that its developers have been bought by our secret services. Disaffected developers keep reporting to the Debian Security Newsletter and say that development is introducing more security flaws than can ever be discovered and removed afterwards. The Firefox browser is still the best choice compared to Google Chrome, Apple Safari or Microsoft Edge, as it is the only one of these browsers that does not monitor the surfing of its users. If you use Linux, you can still protect yourself to a certain extent. But it is even worse with mobile phones, where you have to rely on the insecurely designed Android, because Ubuntu has more or less died out for mobile phones. With an app store that requires registration with the user's email address, one cannot be secure as a matter of principle. To be secure, you would have to be able to download the apps via Tor (“Darknet”, see also DANE). Among the big tech villains, Apple has lately wanted to stand out by automatically scanning private data for pictures and text messages: petition against it. Those who know that they are being monitored also behave in a more conformist way: this was first proven by the psychologist Gregory White and called the “Chilling Effect”. We also know that after the NSA revelations in 2013 there were fewer searches for content about terrorism and war. The Salzburger Nachrichten regards the NSO Group's surveillance by Pegasus as a restriction of the freedom of the press.

In the news it is always the US that gets particularly upset about cyber cracking activity. In fact, criminals as well as Russian hacker groups put every attack vector that leaks to the outside into practice. But one has to ask who developed these weapons, and these are almost always US-based agencies. Today criminals use attack methods that were once reserved for secret services. Countless companies have been victims of such attacks. But if we want secure systems, then gradual changes will not help us much. We need technology like automatic program verification along with clean, uncompromised hardware. For his diploma thesis, the author of this website worked on a technology that would be needed precisely for this: a SAT solver. In the epilogue of my diploma thesis (point 6) you can read how Western (in all probability US) secret services make further development of my solver impossible and thus violate the author's freedom of science and employment.




Coal and Anti-Climate Lobbying

Category: general, Source: info, Language: en, Type: new.

On Thursday the Higher Administrative Court in Münster declared the construction of the Datteln 4 coal-fired power station to be illegal because of its development plan, which places it in the immediate vicinity of a residential area. This is a resounding slap in the face for Armin Laschet, who has repeatedly campaigned for the power plant in public. We have previously shared a petition against Datteln 4 because a new coal-fired power plant would have thwarted the hard-won coal exit and would not have followed the recommendations of the Coal Commission. We also have a petition for you against the demolition of other villages for coal in Germany.

But that's not all: Campact writes to us that the lobby group INSM can spread its anti-climate agitation in Germany, while factual corrections by Campact have not been printed. Advertisements for the “Initiative New Social Market Economy” were even printed in the FAZ. The Zeit refused to put Campact's ad on their website. On the other hand, the Zeit had already published lies about Annalena Baerbock's (Greens) climate protection plans. The Zeit rejects the truth about the climate protection blockade by Armin Laschet (CDU). That journalistic independence does not go very far is shown, among other things, by the fact that almost all newspapers in the USA have refused to report on the litigation against Steven Donziger, who defended the Ecuadorians because of the oil poisoning by Chevron. One of the reasons for this is that an important lawyer, Gibson Dunn, not only works for the New York Times, but also for Chevron.

additional petition: against wood robbery in Nigeria.




Ocean Treaty, EU: Save the Bees!

Category: general, Source: action, info, Language: en, Type: new.

The negotiation of a global ocean treaty to protect 30% of marine areas for the recovery of wildlife is at stake but has lately been delayed by Covid. Because of overfishing, it will be necessary to save our oceans as a source of food and to protect animals like sea turtles. Our oceans produce half of the Earth’s oxygen and are our planet’s largest reservoir of stored carbon, and are thus essential for climate protection (see Greenpeace Aotearoa). The loss of a species such as sharks can cause other predators to increase, thus leaving fewer food fish for us. Plastic littering is one of the critical problems for our oceans. Animals confuse plastic bags with food, and the Great Pacific Garbage Patch is four times the size of Germany. A global treaty to stop plastic pollution would be a huge step, since rulings valid only in the EU can achieve little on their own: tell South Africa to join the treaty.

Sign the European Citizen Initiative to protect our bees: 300.000 signatures are still missing for the required million. Since the recent reform of the CAP has been insufficient, this is all the more an opportunity. We would have the technology to reduce pesticide use and ban pesticides like glyphosate for good (weeding robots, biological plant protection, crop rotation, crop coproduction & more).




Bundestag Elections

Category: general, Source: info, Language: en, Type: new.

“Because now is such a day, you don't change politics.” replied Armin Laschet (CDU) when a reporter asked him after the century flood whether he wanted to change his climate policy. And he counted as his party's climate policy successes things that the environmental protection movement had wrested from him with difficulty (links at heise.de). When it was not initially certain that the politicians would provide immediate aid, several German bands and Metallica collected donations for the flood victims (SN). The top candidates, both Annalena Baerbock (Greens) and Armin Laschet, are accused of misconduct, namely of prettifying her curriculum vitae and of incorrectly citing sources (that is, copying) in Armin Laschet's book “The upward climber republic”. Germany is used to a strong leadership figure and so people have resented this. But we must not forget that in the end it is the party that makes politics. Armin Laschet, the Prime Minister of North Rhine-Westphalia, the area in which some of the worst-affected flood regions are, would perhaps also like to pursue different policies himself, as his very first statements would also have suggested. We believe that anyone who is uncompromising about more climate protection must also vote for a party that is, too. On klimawahlcheck.org you can see the positions of the parties: neither does the CDU/CSU want a coal exit earlier than the much too late 2038, nor is the SPD enthusiastic about it. Neither party can warm to electricity only from renewables or to 25% organic agriculture. But if you want to put a stop to climate change, emissions have to go to zero at some point, and better sooner than later, otherwise warming will keep on going. Question about Cum-Ex to Olaf Scholz: “I cannot understand why you do not remember several official one-on-one meetings in your office, which involved many, many millions of euros. Are you lying to us?” (on abgeordnetenwatch.de), so far without an answer.