Security: PGP & GPG, Flaws, and Nmap 7.80

  • The Impending Demise of “PGP & GPG”

    My No Starch books normally sell out their print run, get reprinted a few times, and fade into Out Of Print status. But PG3 never sold out its initial print run.

  • Down the Rabbit-Hole...

    It took a lot of effort and research to reach the point that I could understand enough of CTF to realize it’s broken. These are the kind of hidden attack surfaces where bugs last for years. It turns out it was possible to reach across sessions and violate NT security boundaries for nearly twenty years, and nobody noticed.

    Now that there is tooling available, it will be harder for these bugs to hide going forward.

  • Flaws in 4G Routers of various vendors put millions of users at risk

    “Those manufacturers who are going to be selling 5G routers are currently selling 3G and 4G routers. Which – and I really cannot stress this enough – are mainly bad.”

  • Hack in the box: Hacking into companies with “warshipping”

    Penetration testers have long gone to great lengths to demonstrate the potential chinks in their clients' networks before less friendly attackers exploit them. But in recent tests by IBM's X-Force Red, the penetration testers never had to leave home to get in the door at targeted sites, and the targets weren't aware they were exposed until they got the bad news in report form. That's because the people at X-Force Red put a new spin on sneaking in—something they've dubbed "warshipping."

    Using less than $100 worth of gear—including a Raspberry Pi Zero W, a small battery, and a cellular modem—the X-Force Red team assembled a mobile attack platform that fit neatly within a cardboard spacer dropped into a shipping box or embedded in objects such as a stuffed animal or plaque. At the Black Hat security conference here last week, Ars got a close look at the hardware that has weaponized cardboard.

  • These Legit-Looking iPhone Lightning Cables Will Hijack Your Computer

    It looks like an Apple lightning cable. It works like an Apple lightning cable. But it will give an attacker a way to remotely tap into your computer.

  • Nmap Defcon Release! 80+ improvements include new NSE scripts/libs, new Npcap, etc.

    Nmap 7.80 source code and binary packages for Linux, Windows, and Mac are available for free download from the usual spot: [...]
