Language Selection

English French German Italian Portuguese Spanish

Security: Telegram, Bounties and More

Filed under
Security
  • Telegram zero-day let hackers spread backdoor and cryptocurrency-mining malware

    A zero-day vulnerability in Telegram Messenger allowed attackers to spread a new form of malware with abilities ranging from creating a backdoor trojan to mining cryptocurrency.

    The attacks take advantage of a previously unknown vulnerability in the Telegram Desktop app for Windows and were spotted being used in the wild by Kaspersky Lab.

    Researchers believe the Russian cybercriminal group exploiting the zero-day were the only ones aware of the vulnerability and have been using it to distribute malware since March 2017 -- although it's unknown how long the vulnerability had existed before that date.

  • More Than 4,000 Government Websites Infected With Covert Cryptocurrency Miner

    The rise of cryptocurrency mining software like Coinhive has been a decidedly double-edged sword. While many websites have begun exploring cryptocurrency mining as a way to generate some additional revenue, several have run into problems if they fail to warn visitors that their CPU cycles are being co-opted in such a fashion. That has resulted in numerous websites like The Pirate Bay being forced to back away from the software after poor implementation (and zero transparency) resulted in frustrated users who say the software gobbled upwards of 85% of their available CPU processing power without their knowledge or consent.

    But websites that don't inform users this mining is happening are just one part of an emerging problem. Hackers have also taken to using malware to embed the mining software into websites whose owners aren't aware that their sites have been hijacked to make somebody else an extra buck. Politifact was one of several websites that recently had to admit its website was compromised with cryptocurrency-mining malware without their knowledge. Showtime was also forced to acknowledge (barely) that websites on two different Showtime domains had been compromised and infected with Coinhive-embedded malware.

  • Why Bug Bounties Matter

    Bugs exist in software. That's a fact, not a controversial statement. The challenge (and controversy) lies in how different organizations find the bugs in their software.

    One way for organizations to find bugs is with a bug bounty program. Bug bounties are not a panacea or cure-all for finding and eliminating software flaws, but they can play an important role.

  • Shell Scripting and Security

    The internet ain't what it used to be back in the old days. I remember being online back when it was known as ARPAnet actually—back when it was just universities and a handful of corporations interconnected. Bad guys sneaking onto your computer? We were living in blissful ignorance then.

    Today the online world is quite a bit different, and a quick glimpse at the news demonstrates that it's not just global, but that bad actors, as they say in security circles, are online and have access to your system too. The idea that any device that's online is vulnerable is more true now than at any previous time in computing history.

  • Security updates for Tuesday
  • Open Source Security Podcast: Episode 82 - RSA, TLS, Chrome HTTP, and PCI

More in Tux Machines

Radio Telescopes Horn In With GNU Radio

Who doesn’t like to look up at the night sky? But if you are into radio, there’s a whole different way to look using radio telescopes. [John Makous] spoke at the GNU Radio Conference about how he’s worked to make a radio telescope that is practical for even younger students to build and operate. The only real high tech part of this build is the low noise amplifier (LNA) and the project is in reach of a typical teacher who might not be an expert on electronics. It uses things like paint thinner cans and lumber. [John] also built some blocks in GNU Radio that made it easy for other teachers to process the data from a telescope. As he put it, “This is the kind of nerdy stuff I like to do.” We can relate. Read more

New Releases: Kodachi 5.8, Tails RC, HardenedBSD Stable, KookBook 0.2.0

  • Kodachi 5.8 The Secure OS
    Linux Kodachi operating system is based on Debian 9.5 / Ubuntu 18.04 it will provide you with a secure, anti-forensic, and anonymous operating system considering all features that a person who is concerned about privacy would need to have in order to be secure. Kodachi is very easy to use all you have to do is boot it up on your PC via USB drive then you should have a fully running operating system with established VPN connection + Connection established + service running. No setup or knowledge is required from your side we do it all for you. The entire OS is functional from your temporary memory RAM so once you shut it down no trace is left behind all your activities are wiped out. Kodachi is a live operating system that you can start on almost any computer from a DVD, USB stick, or SD card. It aims at preserving your privacy and anonymity, and helps you to:
  • Call for testing: [Tails] 3.12~rc1
    You can help Tails! The first release candidate for the upcoming version 3.12 is out. We are very excited and cannot wait to hear what you think about it, especially the new simplified USB installation method (see below). :)
  • Stable release: HardenedBSD-stable 12-STABLE v1200058.2
  • KookBook 0.2.0 available – now manage your cooking recipes better
    Some people have started talking about maybe translation of the interface. I might look into that in the future. And I wouldn’t be sad if some icon artists provided me with a icon slightly better than the knife I drew. Feel free to contact me if that’s the case. Happy kooking!

Programming: Conway’s Game of Life, py3status and Teaching Python at Apple

  • Optimizating Conway
    Conway’s Game of Life seems to be a common programming exercise. I had to program it in Pascal when in High School and in C in an intro college programming course. I remember in college, since I had already programmed it before, that I wanted to optimize the algorithm. However, a combination of writing in C and having only a week to work on it didn’t leave me with enough time to implement anything fancy. A couple years later, I hiked the Appalachian Trail. Seven months away from computers, just hiking day in and day out. One of the things I found myself contemplating when walking up and down hills all day was that pesky Game of Life algorithm and ways that I could improve it. Fast forward through twenty intervening years of life and experience with a few other programming languages to last weekend. I needed a fun programming exercise to raise my spirits so I looked up the rules to Conway’s Game of Life, sat down with vim and python, and implemented a few versions to test out some of the ideas I’d had kicking around in my head for a quarter century.
  • py3status v3.16
    Two py3status versions in less than a month? That’s the holidays effect but not only! Our community has been busy discussing our way forward to 4.0 (see below) and organization so it was time I wrote a bit about that.
  • #195 Teaching Python at Apple

Games: Protontricks, vkQuake2, System Shock, Dead Ascend, Lord of Dwarves and Panda3D

  • Protontricks, a handy tool for doing various tweaks with Steam Play has been forked
    For those brave enough to attempt to get more Windows games to run through Steam Play, Protontricks is a handy solution and it's been forked.
  • vkQuake2, the project adding Vulkan support to Quake 2 now supports Linux
    At the start of this year, I gave a little mention to vkQuake2, a project which has updated the classic Quake 2 with various improvements including Vulkan support. Other improvements as part of vkQuake2 include support for higher resolution displays, it's DPI aware, HUD scales with resolution and so on. Initially, the project didn't support Linux which has now changed. Over the last few days they've committed a bunch of new code which fully enables 64bit Linux support with Vulkan.
  • The new System Shock is looking quite impressive with the latest artwork
    System Shock, the remake coming eventually from Nightdive Studios continues along in development and it's looking impressive. In their latest Kickstarter update, they showed off what they say is the "final art" after they previously showed the game using "temporary art". I have to admit, while this is only a small slice of what's to come, from the footage it certainly seems like it will have a decent atmosphere to it.
  • Dead Ascend, an open source point and click 2D adventure gameDead Ascend, an open source point and click 2D adventure game
    For those wanting to check out another open source game or perhaps see how they're made, Dead Ascend might be a fun choice for a little adventure. Developed by Lars from Black Grain Games, Dead Ascend features hand-drawn artwork with gameplay much like classic point and click adventures.
  • Lord of Dwarves will have you build large structures and defend them, developed on Linux
    Here's a fun one, Lord of Dwarves from developer Stellar Sage Games is a game about helping a kingdom of dwarves survive, build, and prosper. It's made on Linux too and releasing in Early Access in March. The developer emailed in about it and to let everyone know that it was "developed in Linux using only open source software". You can actually see them showing it off on Ubuntu in a recent video. While it's going to be in Early Access, they told me it's "feature complete with a full campaign and sandbox mode" with the extra time being used for feedback and to polish it as much as possible.
  • A Journey of the Panda3D
    I don’t know why am I still working on Panda 3D despite the failure to export the Blender mesh to the Panda 3D engine but anyway here is a quick update for the development of the Panda3D’s game. Yesterday after the Panda 3D engine had failed again to render the blender 3D mesh together with its texture on the game scene, I had made another search for the solution on Google but again...