Security: SKS, YouTube, Malware and More

  • Impact of SKS keyserver poisoning on Gentoo

    The SKS keyserver network has been a victim of a certificate poisoning attack lately. The OpenPGP verification used for repository syncing is protected against the attack. However, our users can be affected when using GnuPG directly. In this post, we would like to shortly summarize what the attack is, what we did to protect Gentoo against it and what you can do to protect your system.

    The certificate poisoning attack abuses three facts: that OpenPGP keys can contain an unlimited number of signatures, that anyone can append signatures to any key and that there is no way to distinguish a legitimate signature from garbage. The attackers are appending a large number of garbage signatures to keys stored on SKS keyservers, causing them to become very large and cause severe performance issues in GnuPG clients that fetch them.

    The attackers have poisoned the keys of a few high-ranking OpenPGP people on the SKS keyservers, including one Gentoo developer. Furthermore, the current expectation is that the problem won’t be fixed any time soon, so it seems plausible that more keys may be affected in the future. We recommend users not to fetch or refresh keys from the SKS keyserver network (this includes aliases such as keys.gnupg.net) for the time being. GnuPG upstream is already working on client-side countermeasures and they can be expected to enter Gentoo as soon as they are released.

  • YouTube's latest ban? Infosec instructional videos are outlawed

    Google's video-sharing site YouTube has started to ban videos that show users how to get past software restrictions and provide instructions on information security.

  • Youtube's ban on "hacking techniques" threatens to shut down all of infosec Youtube

    Youtube banning security disclosures doesn't make products more secure, nor will it prevent attackers from exploiting defects -- but it will mean that users will be the last to know that they've been trusting the wrong companies, and that developers will keep on making the same stupid mistakes...forever.

  • TN men use Bluetooth-enabled tablet to steal cars

    During the interrogation, one of the accused, a car mechanic, said he bought a Bluetooth-enabled tablet online used by car showroom staff to access the vehicles.

  • Kaspersky reinforce collaboration with INTERPOL in the fight against cybercrime

    This cooperation strengthens the existing relationship between the two organizations, ensuring information and technology sharing can support INTERPOL in cybercrime-related investigations. Within the new agreement, Kaspersky will share information about its cyberthreat research and provide the necessary tools to assist with full digital forensics, aimed at strengthening efforts on the prevention of cyberattacks.

  • China Is Forcing Tourists to Install Text-Stealing Malware at its Border

    The malware downloads a tourist’s text messages, calendar entries, and phone logs, as well as scans the device for over 70,000 different files.

  • Chinese border guards reportedly install spy apps on tourists' Android phones

    Border guards reportedly took tourists' phones and secretly installed an app on them which could extract emails, texts and contacts, along with information about the handset; basically a motherlode of privacy-sapping stuff.

    There are reports that in some cases Android phones are returned to those entering the region with an app called Fēng cǎi installed. Apple's iPhones don't appear to come back with the app, but they could have been scanned by border control guards in a separate area after travellers were forced to hand them over.

  • China Snares Tourists’ Phones in Surveillance Dragnet by Adding Secret App

    The app gathers personal data from phones, including text messages and contacts. It also checks whether devices are carrying pictures, videos, documents and audio files that match any of more than 73,000 items included on a list stored within the app’s code.
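The Gentoo item at the top of this list describes keys that are bloated with appended garbage signatures. As an added example (not code from Gentoo, GnuPG or any of the linked articles), the following Python walks the OpenPGP packet headers of binary (non-armored) key data and counts signature packets per certificate, so an oversized key can be spotted before it is handed to GnuPG. The function names and the 1000-signature limit are assumptions chosen for illustration, and the sample keys are constructed with dummy packet bodies.

```python
SIGNATURE, PUBLIC_KEY = 2, 6   # OpenPGP packet tags (RFC 4880, section 4.3)

def iter_packets(data):
    """Yield (tag, body_length) for each packet in binary (non-armored) key data."""
    pos = 0
    while pos < len(data):
        first, pos = data[pos], pos + 1
        if not first & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if first & 0x40:                       # new-format header
            tag, o1 = first & 0x3F, data[pos]
            if o1 < 192:                       # one-octet length
                length, pos = o1, pos + 1
            elif o1 < 224:                     # two-octet length
                length, pos = ((o1 - 192) << 8) + data[pos + 1] + 192, pos + 2
            elif o1 == 255:                    # five-octet length
                length, pos = int.from_bytes(data[pos + 1:pos + 5], "big"), pos + 5
            else:
                raise ValueError("partial body lengths are not expected in keys")
        else:                                  # old-format header
            tag, ltype = (first >> 2) & 0x0F, first & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length is not expected in keys")
            size = (1, 2, 4)[ltype]
            length, pos = int.from_bytes(data[pos:pos + size], "big"), pos + size
        if pos + length > len(data):
            raise ValueError("truncated packet")
        yield tag, length
        pos += length                          # skip the body, it is never parsed

def signature_counts(data):
    """Return one signature count per certificate (primary key) in the stream."""
    counts = []
    for tag, _ in iter_packets(data):
        if tag == PUBLIC_KEY:
            counts.append(0)
        elif tag == SIGNATURE and counts:
            counts[-1] += 1
    return counts

def looks_poisoned(data, max_signatures=1000):
    """True if any certificate exceeds the limit (1000 is an assumed threshold)."""
    return any(n > max_signatures for n in signature_counts(data))

# Constructed sample data: dummy bodies, new-format headers with five-octet lengths.
def make_packet(tag, body):
    return bytes([0xC0 | tag, 255]) + len(body).to_bytes(4, "big") + body
NORMAL = make_packet(6, b"k" * 51) + make_packet(13, b"alice") + make_packet(2, b"s" * 70) * 3
BLOATED = make_packet(6, b"k" * 51) + make_packet(13, b"bob") + make_packet(2, b"s" * 70) * 5000
```

Only packet headers are read, so the check stays cheap even on a key that has grown to many megabytes.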
