The core of it - minimalistic news based on technical facts

http://x700.blogspot.com/

Wednesday, 31 July 2013

How browsers store passwords

Heise Security points to an interesting article showing how the passwords stored in the browser (IE, Firefox, Chrome) can be decrypted with the rights of the current user.

The browsers use Windows functions for encryption under the security context of the current user. Malware can usually obtain these rights easily as well.

Remedy: set a secure master password for the browser. This works at least in Firefox. Alternatively, store the passwords in tools such as KeePass or LastPass, or use a YubiKey (two-factor authentication system, one-time passwords).

Firefox: has a master password
Chrome: does not have a master password yet (Link)
IE9, 10: has no master password

However, master passwords can also be cracked with FireMaster or ffpasscracker!

Monday, 29 July 2013

Why is IT security important to me?

If someone is able to control your internet accounts or the devices you use, they could harm you, steal your money, or sell/use information about you that you prefer to keep secret!

Examples:
- hack your cardiac stimulator (Link)
- open and steal your car
- know your medical state and prevent you from getting life assurance

Wednesday, 17 July 2013

how to send a safe mail - encrypt email quickly and easily

There are ways to encrypt emails, but in general it is more complicated to set up than expected.
Often you can do that on your side, but the recipient will be overstrained by the crypto stuff needed to decrypt your message, so he will never read your encrypted message.
Then it was not worth the effort, and encrypting mails will never ever become a standard thing!
Getting personal key pairs is the first difficult step.
(As long as it is too complicated for the recipient, he will never read the encrypted mail. The first complicated step is obtaining a personal key pair.)

Solution:
Send encrypted mails that the recipient can decrypt without having to install and configure more than one easy software tool.

- Use asymmetric keys (https://www.cacert.org/)
   to encrypt the mail body in the clipboard with the gpg4win software - http://www.gpg4win.org (install with the GPA option selected).
   The first line is ::, the second line is anon-to: recipient@emailaddress.com
   Your text starts on the third line.
- Open a new mail message and do not use the subject field.
   The first line of the body is ::, the second line is anon-to:   - example: remailer@aarg.net or anon@paranoici.org
   The third line is where you copy the encrypted clipboard into.
- Use a remailer for the to-address.


The only complicated thing that remains is to explain to the recipient how he gets his key pair (for sending) and your public key (for reading) the first time. Afterwards he is familiar with this concept and can get everyone's public key or explain the concept to other persons.


(Maybe you can even send him your public key at the beginning, so he does not need to register himself to receive it through the CA!)


--- also see:

Tools for the paranoid: 5 free security tools to protect your data



listen to data traffic in fibre cables - how to intercept or tap a fibre

In general it is said that data in fibre optic cables is safe from interception.
It's true that there is no electromagnetic way to "listen" to light pulses, and it is not possible to see the light pulses from outside without breaking or interrupting the cable. That sounds understandable.

Why it is possible to listen to fibre cable data traffic:
1. Fibre optic cables can be very, very long (1000 km and more), which makes it difficult to protect them from foreign access.

2. Even if cables lie on the sea floor or underground, there are intersection points that allow devices for interception to be installed. As there are always several hundred fibre cores in one cable, it is not easy to find the right one, but there are ways to do that too, for example by stealing cabling documentation.
2.a Interception by cutting a fibre and splicing a capture device into the line. This is done within a short interruption of 1 hour that might not be suspicious.
2.b Use a bend coupler device (Biegekoppler) to couple out the light without interruption (Einstein, SRF).
2.c If there is an active device at an interception point, it is possible to hack such a network switch and then listen to the data.

Be aware: the US submarine Jimmy Carter is said to be able to tap underwater fibre sea cables to eavesdrop on communication (Washington Post, ARD).