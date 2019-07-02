Security: SKS, YouTube, Malware and More
-
The SKS keyserver network has been a victim of certificate poisoning attack lately. The OpenPGP verification used for repository syncing is protected against the attack. However, our users can be affected when using GnuPG directly. In this post, we would like to shortly summarize what the attack is, what we did to protect Gentoo against it and what can you do to protect your system.
The certificate poisoning attack abuses three facts: that OpenPGP keys can contain unlimited number of signatures, that anyone can append signatures to any key and that there is no way to distinguish a legitimate signature from garbage. The attackers are appending a large number of garbage signatures to keys stored on SKS keyservers, causing them to become very large and cause severe performance issues in GnuPG clients that fetch them.
The attackers have poisoned the keys of a few high ranking OpenPGP people on the SKS keyservers, including one Gentoo developer. Furthermore, the current expectation is that the problem won’t be fixed any time soon, so it seems plausible that more keys may be affected in the future. We recommend users not to fetch or refresh keys from SKS keyserver network (this includes aliases such as keys.gnupg.net) for the time being. GnuPG upstream is already working on client-side countermeasures and they can be expected to enter Gentoo as soon as they are released.
-
Google's video-sharing site YouTube has started to ban videos that show users how to get past software restrictions and provide instructions on information security.
-
Youtube banning security disclosures doesn't make products more secure, nor will it prevent attackers from exploiting defects -- but it will mean that users will be the last to know that they've been trusting the wrong companies, and that developers will keep on making the same stupid mistakes...forever.
-
During the interrogation, one of the accused –a car mechanic- said he bought a Bluetooth-enabled tablet online used by car showroom staff to access the vehicles.
-
This cooperation strengthens the existing relationship between the two organizations, ensuring information and technology sharing can support INTERPOL in cybercrime-related investigations. Within the new agreement, Kaspersky will share information about its cyberthreat research and provide the necessary tools to assist with full digital forensics, aimed at strengthening efforts on the prevention of cyberattacks.
-
The malware downloads a tourist’s text messages, calendar entries, and phone logs, as well as scans the device for over 70,000 different files.
-
Border guards reportedly took tourists' phones and secretly installed an app on them which could extract emails, texts and contacts, along with information about the handset; basically a mother-load of privacy-sapping stuff.
There are reports that in some cases Android phones are returned to those entering the region with an app called Fēng cǎi installed. Apple's iPhones don't appear to come back with the app, but they could have been scanned by border control guards in a separate area after travellers were forced to hand them over.
-
The app gathers personal data from phones, including text messages and contacts. It also checks whether devices are carrying pictures, videos, documents and audio files that match any of more than 73,000 items included on a list stored within the app’s code.
Games: Avorion, Synergia, Superstarfighter, Kubifaktorium, Viking Vengeance, We Need To Go Deeper
-
Avorion is a fully 3D co-op space sandbox game, where players build a ship and eventually a fleet from single blocks and it's quite engrossing. This latest update enables proper modding support, with integrated Steam Workshop support.
Previously, you were able to download pre-built ships other had made but this goes a massive step further for the game. You can now use Lua to mod all sorts of things in the game, although some things like Materials, Rarities or Blocks cannot yet be modded. What's fun is that dedicated servers, for those that plan online, also support modding. If you connect to a modded server, it grabs the mods for you—handy.
-
Ready to get engrossed in another Visual Novel? Synergia looks promising, with a futuristic yuri cyberpunk setting. Giving off some Ghost in the Shell vibes, it's actually quite impressive. The intro video especially, not something I was expecting to see with a Visual Novel and sets the mood quite nicely.
-
I recently got shown Superstarfighter, a 1-4 player local multiplayer (with AI too) fast-paced action game and it's actually pretty fun.
It's a very frantic arcade game, where each player can shoot out homing missiles to take down other players. With multiple game modes available, it's surprisingly good. I'm quite a fan of the Take the Crown mode, where each player fights over a single Crown and whoever wears in the longest wins. There's also a pretty amusing Hive Filling mode, with each player flying over tiles to change the tile into their colour, with opposing colours slowing you down.
-
The second game developed by Mirko Seithe and made on Linux, Kubifaktorium, a voxel colony management and automation game is now available in Early Access.
-
As someone who has been slightly obsessed over the Vikings series from the History network, a game based around Norse mythology is exactly what I need right now.
Viking Vengeance from Lowpoly Interactive is due out sometime later this year and it is currently advertising Linux support on Steam. When speaking to the developer about it in this forum post, they said "Hello and thank you for the question. Yes if people using Linux will be interested in the game we will definitely bring it to Linux.", so it might be worth letting them know if you're interested.
-
In the official announcement, they said the price is going to be increasing from $9.99 to $15.99 so if you were thinking of getting it you may want to think quicker if you wanted to save a little. After release, they said updates will still be coming, just not as often as they do currently. A special edition will also be offered which will include a PDF art book and an expanded soundtrack. They're also considering paid DLC as it "gets asked a lot".
Recent comments
1 min ago
30 min 58 sec ago
44 min 51 sec ago
1 hour 7 min ago
7 hours 38 min ago
7 hours 40 min ago
7 hours 54 min ago
8 hours 4 min ago
8 hours 10 min ago
11 hours 42 min ago