Language Selection

English French German Italian Portuguese Spanish

Security Leftovers

Filed under
Security
  • Report: Response to the Consultation on the Government's regulatory proposals regarding consumer Internet of Things (IoT) security

    Open Rights Group (ORG) is a UK-based digital campaigning organisation working to protect fundamental rights to privacy and free speech online. With over 3,000 active supporters, we are a grassroots organisation with local groups across the UK.

    We are a project partner to Values and Ethics in Responsible Technology in Europe (VIRT-EU) – a European project funded by the Horizon 2020 program. VIRT-EU’s mission is to foster ethical thinking in IoT development. The following comments stem predominantly from our experience accumulated in the course of that project.

    We address the consultation questions in order below, omitting questions 7, 8 and 9 as these lie outside our remit.

    1. Do you agree that the Government should take powers to regulate on the security of consumer IoT products? If yes, do you agree with the proposed legislative approach?

    We welcome the proposal to create primary legislation to introduce enhanced security for consumers using IoT devices. We also support the approach of making some requirements mandatory in the first instance with a longer strategy.

  • 'This Is a Bombshell': Facial Recognition Data Collected by US Customs Agency Hacked

    "This is a bombshell," said Evan Greer, deputy director of the advocacy group Fight fight for the Future, in response to the reporting. "Even if you 100% trust the US government with your biometric information (which you shouldn't) this is a reminder that once your face is scanned and stored in a database, it's easily shared across government agencies, stolen by hackers, other governments, etc."

    Buzzfeed, also among the first to report on the breach on Monday, noted that the "cyberattack comes amid the ongoing rollout of CBP's "biometric entry-exit system," the government initiative to biometrically verify the identities of all travelers crossing US borders." As BuzzFeed News reported Citing earlier reporting, Buzzfeed pointed out that "CBP is scrambling to implement the initiative with the goal of using facial recognition technology on '100 percent of all international passengers,' including American citizens, in the top 20 US airports by 2021."

  • What you need to know about the MDS vulnerability and Red Hat Virtualization

    A new series of vulnerabilities in Intel processors, known as Microarchitectural Data Sampling, or more simply MDS, was recently made public and Red Hat released information about how the vulnerabilities affect our software and how to protect your organization.

    In the simplest terms, MDS is a vulnerability in Intel processors similar to Spectre and Meltdown; it allows a guest to read protected memory from anywhere on the host or guest. To mitigate the risks exposed by MDS, a combination of updated microcode, updated kernel(s), patches, and administrator action will need to be taken for both the hypervisors and virtual machines in your Red Hat Virtualization deployment. Unlike some similar vulnerabilities, simply disabling SMT and/or hyper-threading is not enough to protect your applications.

  • 5 reasons chaos engineering is indispensable to the CISO

    Security leaders, including the chief information security officer (CISO), are challenged to continuously demonstrate their role within the company's value stream as part of improving security. In doing so, a growing number of security organizations are shifting toward a more "applied security mode," leading many to rethink our traditional practices and question their effectiveness in today's high-velocity, software-driven world.

  • Wireless Security | Roadmap to Securing Your Infrastructure
  • IPFire on AWS: Update to IPFire 2.23 - Core Update 132

    Today, we have updated IPFire on AWS to IPFire 2.23 - Core Update 132 - the latest official release of IPFire.

    This update brings you the new Intrusion Prevention System out-of-the-box as well as updates to the whole system.

  • Amitabh Bachchan’s Twitter Account “Hacked” And DP Got Changed

More in Tux Machines

Announcing Qt for MCUs

  • Announcing Qt for MCUs

    Today we announce the launch of Qt for MCUs – a comprehensive toolkit to deliver smartphone-like user experience on displays powered by microcontrollers. What started as a research project is now in the final leg of its journey to being released as a product. Connected devices found in vehicles, wearables, smart home, industrial and healthcare often have requirements that include real-time processing capabilities, low power consumption, instant boot time and low bill of materials. These requirements can be fulfilled by a microcontroller architecture. However, as devices get smarter and offer more features and capabilities, users expect an enhanced and intuitive experience on par with today’s smartphones. Qt for MCUs delivers an immersive and enriching user interface by utilizing a new runtime specifically developed for ARM Cortex-M microcontrollers and leveraging on-chip 2D graphics accelerators such as PxP on NXP’s i.MX RT series, Chrom-Art Accelerator on STM32 series and RGL on Renesas RH850.

  • Qt for MCUs – Qt Announces support for Microcontrollers

    About Qt for MCUs Qt- The well known opensource toolkit for creating graphical interface announced their new release: Qt for MCUs, targeting MCU’s.

  • The Qt Company Is Now Working On Qt For Microcontrollers

    There have been a lot of announcements pertaining to Qt as of late, most of which have been about forthcoming efforts around Qt 6 development. A new announcement out of The Qt Company catching us off-guard is their plans for the tool-kit on micro-controllers. Qt for MCUs is the company's newest commercial endeavour. In particular, they are working on the Qt tool-kit for displays powered by micro-controllers for smartphone-like user experiences. Qt for MCUs has been a research project at the company but is now being worked out as a new commercial offering. Considering how well though Qt works on mobile devices, it's only another step down catering it to low-power micro-controllers.

Games: Rogue State Revolution, No Man's Sky, Two Point Hospital: Close Encounters

  • Little Red Dog Games announce Rogue State Revolution, a political thriller roguelike

    Little Red Dog Games (Precipice, Deep Sixed, Rogue State) have announced Rogue State Revolution, what they say is the "first" political roguelike game. It's being published by Modern Wolf, a new indie publisher who doesn't believe in crunch who say they treat their developers "like partners, not like cogs in a machine". [...] Doesn't seem to have a trailer yet, will let you know what it does. They're also continuing to use the FOSS game engine Godot Engine again, nice to see!

  • Hello Games appear to be keeping an eye on Steam Play with No Man's Sky, temp fix needed for NVIDIA

    No Man's Sky recently had an absolutely ridiculous update to add in tons of new features and greatly expanded multiplayer. This update also added in Vulkan support too! It seems Hello Games are keeping an eye on Steam Play as well, with a recent update changelog noting "Fixed Steam VR in Linux.". Quite interesting! However, there is a bit of a problem for NVIDIA users with Steam Play on Linux, with the game performing quite poorly. Although, there's a slightly amusing workaround.

  • Things are about to get weird in the Two Point Hospital: Close Encounters expansion

    Two Point Studios and SEGA just announced the next expansion for their amusing hospital building sim with Two Point Hospital: Close Encounters. It's coming soon too! Their plan is to release it on August 29th next week. This will be the third expansion following on from Bigfoot and Pebberley Island. Two Point Hospital is already quite weird but this is really…out there. It will be adding in 3 new hospitals full of patients to cure, 34 new illnesses although they say only 11 of these are new visually along with a promise of "new" gameplay, new music and so on.

Useful security software from the Snap Store

Once upon a time, password management was a simple thing. There were few services around, the Internet was a fairly benign place, and we often used the same combo of username and password for many of them. But as the Internet grew and the threat landscape evolved, the habits changed. In the modern Web landscape, there are thousands of online services, and many sites also require logins to allow you to use their full functionality. With data breaches a common phenomenon nowadays, tech-savvy users have adopted a healthier practice of avoiding credentials re-use. However, this also creates a massive administrative burden, as people now need to memorize hundreds of usernames and their associated passwords. The solution to this fairly insurmountable challenge is the use of secure, encrypted digital password wallets, which allow you to keep track of your endless list of sites, services and their relevant credentials. KeePassXC does exactly that. The program comes with a simple, fairly intuitive interface. On first run, you will be able to select your encryption settings, including the ability to use KeePassXC in conjunction with a YubiKey. Once the application is configured, you can then start adding entries, including usernames, passwords, any notes, links to websites, and even attachments. The contents are stored in a database file, which you can easily port or copy, so you also gain an element of extra flexibility – as well as the option to back up your important data. Read more Also: US Hangs Tough on Restricting Huawei’s Participation in Standards Development

Raccoon – APK Downloader for Linux, MacOS, and Windows

We’ve covered APK stories before in articles like the one about F-Droid and Google Play Downloader, but never have we covered an app as cool as this one with a name inspired by the North American mammal, Raccoon. Raccoon is a free and modern open-source APK downloader application that enables you to safely download any Android app available on Google Play Store to your Linux, Windows, or Mac desktop. The incentive of Raccoon is to enable users to install Android apps without sending any kind of information to Google. It also works to store APK files locally, use a “Split APK” format, bypass application region restrictions, and aims to improve your phone’s battery life. Read more