Security: Defcon, GSM, Black Hat, Avaya and DARPA

  • A Remote-Start App Exposed Thousands of Cars to [Attackers]

    In a talk at the Defcon hacker conference today in Las Vegas, Jmaxxz described a series of vulnerabilities in MyCar, a system made by Canadian company Automobility, whose software is rebranded and distributed under names including MyCar Kia, Visions MyCar, Carlink, and Linkr-LT1. MyCar's devices and apps connect to radio-based remote start devices like Fortin, CodeAlarm, and Flashlogic, using GPS and a cellular connection to extend their range to anywhere with an [Internet] connection. But with any of three different security flaws present across those apps—which Jmaxxz says he reported to the company and have since been fixed—he says he could have gained access to MyCar's database backend, letting him or a less friendly hacker pinpoint and steal any car connected to the MyCar app, anywhere in the world.

  • Teen Security Researcher Suspended for Exposing Vulnerabilities in His School’s Software

    Bill Demirkapi, an 11th grader in Lexington, Massachusetts, had found a vulnerability in Aspen, the software his school uses to deliver students' grades, transcripts, and schedules. With this sort of access, an attacker could obtain a student's password, their birth city, details on their free or reduced lunch, and other information.

    But Demirkapi didn't want to abuse the vulnerability he discovered. He wanted to do the responsible thing and let the company that makes the software, Follett Corporation, know about the issue so it can fix it and make students' personal data safer. The problem was that Follett didn't respond to Demirkapi's multiple attempts to warn them about the vulnerability. So he tried a different approach and used a feature of the software to send a message to Follett.

  • [Attackers] Could Decrypt Your GSM Phone Calls

    Regular GSM calls aren't fully end-to-end encrypted for maximum protection, but they are encrypted at many steps along their path, so random people can't just tune into phone calls over the air like radio stations. The researchers found, though, that they can target the encryption algorithms used to protect calls and listen in on basically anything.

    "GSM is a well documented and analyzed standard, but it’s an aging standard and it's had a pretty typical cybersecurity journey," says Campbell Murray, the global head of delivery for BlackBerry Cybersecurity. "The weaknesses we found are in any GSM implementation up to 5G. Regardless of which GSM implementation you’re using there is a flaw historically created and engineered that you’re exposing."

  • Black Hat USA 2019 conference Highlights: IBM’s ‘warshipping’, OS threat intelligence bots, Apple’s $1M bug bounty programs and much more!

    The popular Black Hat USA 2019 conference was held from August 3 – August 8 at Las Vegas. The conference included technical training sessions conducted by international industry and subject matter experts to provide hands-on offensive and defensive skill-building opportunities. It also included briefings from security experts who shared their latest findings, open-source tools, zero-day exploits, and more.

    Tech giants including Apple, IBM, and Microsoft made some interesting announcements, such as Apple and Microsoft expanding their bug-bounty programs, with IBM launching a new ‘warshipping’ hack, and much more.

    Black Hat USA 2019 also launched many interesting open-source tools and products like Scapy, a Python-based interactive packet manipulation program, CyBot, an open-source threat intelligence chatbot, and many other products.

  • Somu Tiny Open Source FIDO2 Security Key Enables Passwordless Login & Two-factor Authentication (Crowdfunding)

    Meet Somu, an open-source and secure key with FIDO2 support for two-factor authentication or Microsoft account passwordless login.

  • Carbon Black Threat Analysis Unit (TAU) Launches “Binee,” an Open-Source Binary Emulator for Malware Researchers at DEF CON 27

    Carbon Black (NASDAQ: CBLK), a leader in cloud-native endpoint protection, today announced the launch of “Binee,” an open-source binary emulator that bridges the gap between static and dynamic analysis of real-world malware. Binee empowers researchers to extract run-time data from binaries at a cost, speed and scale previously only possible with static analysis tools, opening up a wealth of run-time malware data for behavioral analysis and machine learning applications.

  • Bishop Fox Introduces New Open-Source Hacking Tool for Testing ZigBee Networks at 2019 Black Hat Arsenal
  • Bishop Fox Introduces New AI-Based, Open Source Pentesting Tool at 2019 Black Hat Arsenal
  • empow Launches Open-Source Security Log Plugins Repository for Elasticsearch
  • 13-Year-Old Encryption Bugs Still Haunt Apps and IoT

    RSA encryption has been around for decades. Unfortunately, so have bad implementations that leave it less secure.

  • #BHUSA : Open Source is Key to Solving Cyber Skills Gap

    At Black Hat USA in Las Vegas, Anomali threat research team manager Joakim Kennedy explained to Eleanor Dallaway why he believes the open source movement in the cybersecurity industry will help to address the skills gap.

    “One way of opening up the industry to more people is to provide good free tools accessible to everyone.” The open source movement allows people “to take the toolkits and moderate them.” This, he said, is particularly relevant to teenagers and people outside of the cybersecurity industry that may have an interest in joining. “The best way to learn is to get hold of toolkits and play with them, moderate them,” he said, explaining that his own path into the industry began as a teenager, “using whatever tools were available” and self-educating himself.

    Making these open source tools available “will trigger the interest of the next generation of potential employees by giving them the tools to play with for free and get their interest. We need to get more interested people into the field and there’s a high threshold to get started.” He explained this high threshold means that the paid products and tools in the industry are very expensive. “The license price is too high.”

  • Cyber Eavesdropping Vulnerability Found On Phones Used By 90% Of Fortune 100: Report

    VoIP phones from leading provider Avaya are the latest IoT devices exposed as a cyber risk by security researchers.

  • Popular Avaya enterprise VoIP phones are vulnerable to hacking

    The issue was discovered by researchers from security firm McAfee and was disclosed Thursday at the DEF CON security conference in Vegas. However, firmware updates have been available since June 25.

    The vulnerability is located in the DHCP service, which allows the devices to automatically obtain IP addresses on the network. Attackers can exploit it by sending maliciously modified DHCP responses to the devices, which do not require authentication, and winning a race condition with the network’s legitimate DHCP server.

  • Hackers Take on Darpa's $10 Million Voting Machine

    For the last two years, hackers have come to the Voting Village at the DefCon security conference in Las Vegas to tear down voting machines and analyze them for vulnerabilities. But this year’s Village features a fancy new target: a prototype secure voting machine created through a $10 million project at the Defense Advanced Research Projects Agency. You know it better as Darpa, the government's mad science wing.

    Announced in March, the initiative aims to develop an open source voting platform built on secure hardware. The Oregon-based verifiable systems firm Galois is designing the voting system. And Darpa wants you to know: its endgame goes way beyond securing the vote. The agency hopes to use voting machines as a model system for developing a secure hardware platform—meaning that the group is designing all the chips that go into a computer from the ground up, and isn’t using proprietary components from companies like Intel or AMD.
