little monkey

elstel.org

by Elmar Stellnberger

Without Further Commenting

Category: general,
Source: info,
Link: about:blank,
Language: en,
Type:
new
.



Stop the Money Pipeline

Category: general,
Source: info, action,
Language: en,
Type:
new
.
From 31 October to 12 November 2021 the most important climate talks of the COP 26 since the Paris Agreement will take place in Glasgow, Scotland. Call on the US government to use its power as a financial regulator to reign in banks, insurance companies and asset managers and to use its power over the FED to stop climate chaos. They could restrict banks and other financial institutions from directly owning fossil-fuel or deforestation-causing commodities or businesses. They need to require investment advisors and fiduciaries to implement their clients’ value green choices, they need to include climate and financial stability conditions in Treasury- or Fed-backed emergency or stimulus initiatives. They could incorporate climate into stress tests and scenario analyses, green public lending and make sure pension funds divest to become fossil free. Neither could all the harmful tar sand pipeline projects move forward without financial backing guaranteed by the state. It is about all and nothing! You can read more about it at stopthemoneypipeline.com, as well as about Biden´s last and futurely demanded executive orders for finance. Also sign the demand directly addressed to president Joe Biden.



a̅tea v0.8.2 / gpg key of elstel.org stolen

Category: programs,
Source: SecuritySW,
Language: en,
Type:
new
.

A̅tea has been tested for verifying an XMPP/Jabber certificate. It turned out that --show-cert/--faaite-cert was not correctly implemented for non-RSA certificates: parse_pubkey tried to free a structure that was previously never allocated. The certificate serial is now not only printed as hex but also as decimal like it is displayed by the Gajim messenger. free_pubkey has been added to avoid a memory leak on certificate printout/display.

Today I have also noticed that my gpg-card used to sign the SHA512SUMS file has likely been stolen. If you have read point 6 of the epilogue of my master thesis as suggested in my previous rss message then you do already know that encrypting or signing with gpg does add no security in case of messages from/to elstel.org. I have still published a revocation for the key.




Pegasus: Morocco spied on Emanuel Macron — Compromised Hardware

Category: general,
Source: info,
Language: en,
Type:
new
.

It is a scandal that is second to none: Morocco is reported to have spied on the mobile phone of French President Emanuel Macron and some of his ministers, including Foreign Minister Jean-Yves Le Drian and the former head of government Édouard Philippe, using the surveillance software Pegasus from the Israeli company NSO Group. It is known that the President uses his cell phone to give instructions to his staff and ministers at any time of the day or night. Where do we go when a banana republic is given the tools to spy on the French state? The wiretapping of Angela Merkel's cell phone by the NSA was already a sufficient scandal. Morocco denies it, but the newspaper “Le Monde” gives us precise technical explanations for the claim.

Ultimately, we are all and will all be insecure as long as we allow our secret services to spend huge sums on the black market for security vulnerabilities. This also pays free software developers to build in security flaws instead of encouraging them to be avoided. In connection with DANE, we reported about a bug report at the Firefox browser that suggests that its developers have been bought by our secret services. Disaffected developers keep reporting to the Debian Security Newsletter and say that the development is introducing more security flaws than can ever be discovered and removed afterwards. The Firefox browser is still the best choice compared to Google Chrome, Apple Safari or Microsoft Edge, as it is the only one of these browsers that does not monitor the surfing of its users. If you use Linux, you can still protect yourself to a certain extent. But it is even worse with mobile phones, where you have to rely on the insecurely designed Android, because Ubuntu has more or less died out for mobile phones. With an app store that requires registration with the user's email address, one cannot be secure by principle. To be, you would have to be able to download the apps via Tor (“Darknet”, see also DANE). Among the big tech villains, Apple wants to stand out lately by automatically scanning private data for pictures and text messages: petition against it. Those who know that they are being monitored also behave more conformly: At first this was proven by the psychologist Gregory White and called the “Chilling Effect”. Even after the NSA revelations in 2013, we know that there was less search for content about terrorism and war. The Salzburger Nachrichten regards the NSO Group's surveillance by Pegasus as a restriction of the freedom of the press.

In the news it is always the US that gets particularly upset about cyber cracking activity. In fact, criminals as well as Russian hacker groups apply every attack vector leaked to the outside in practice. But one has to ask who has developed these weapons — and these are almost always US based agencies. Today criminals use attack methods that were once reserved to secret services. Countless companies have been victims of such attacks. But if we want secure systems, then gradual changes will not help us much. We need technology like automatic program verification along with clean, uncompromised hardware. For his diploma thesis, the author of this website worked on a technology that would be needed precisely for this: a SAT solver. In the epilogue of my diploma thesis (point 6) you can read how Western (in all probability US) secret services make a further development of my solver impossible and thus violate the author's freedom of science and employment.




Coal and Anti-Climate Lobbying

Category: general,
Source: info,
Language: en,
Type:
new
.

On Thursday the Higher Administrative Court in Münster declared the construction of the Datteln 4 coal-fired power station to be illegal because of the development plan with immediate vicinity of a residential area. This is a resounding slap in the face for Armin Laschet, who has repeatedly campaigned for the power plant in public. We have previously shared a petition against Datteln 4 because a new coal-fired power plant would have thwarted the hard-won coal exit and would not have followed the recommendations of the Coal Commission. We also have a petition for you against the demolition of other villages for coal in Germany.

But that's not all: Campact writes to us that the lobby group INSM can spread its anti-climate agitation in Germany, but factual corrections by Campact have not been printed. Advertisements for the “Initiative New Social Market Economy” were even printed in the FAZ. The Zeit refused to put Campact's ad on their website. On the other hand, the Zeit had already published lies about Annalena Baerbock's (Greens) climate protection plans. The Zeit rejects the truth about the climate protection blockade by Armin Laschet (CDU). The fact that journalistic independence is not far-fetched shows, among other things, that almost all newspapers in the USA have refused to report about the litigation against Steven Donziger who defended the Ecuadorians because of the oil poisoning by Chevron. One of the reasons for this is that an important lawyer, Gibson Dunn, not only works for the New York Times, but also for Chevron.

additional petition: against wood robbery in Nigeria.