
Security: PGP & GPG, Flaws, and Nmap 7.80

  • The Impending Demise of “PGP & GPG”

    My No Starch books normally sell out their print run, get reprinted a few times, and fade into Out Of Print status. But PG3 never sold out its initial print run.

  • Down the Rabbit-Hole...

    It took a lot of effort and research to reach the point that I could understand enough of CTF to realize it’s broken. These are the kind of hidden attack surfaces where bugs last for years. It turns out it was possible to reach across sessions and violate NT security boundaries for nearly twenty years, and nobody noticed.

    Now that there is tooling available, it will be harder for these bugs to hide going forward.

  • Flaws in 4G Routers of various vendors put millions of users at risk

    “Those manufacturers who are going to be selling 5G routers are currently selling 3G and 4G routers. Which – and I really cannot stress this enough – are mainly bad.”

  • Hack in the box: Hacking into companies with “warshipping”

    Penetration testers have long gone to great lengths to demonstrate the potential chinks in their clients' networks before less friendly attackers exploit them. But in recent tests by IBM's X-Force Red, the penetration testers never had to leave home to get in the door at targeted sites, and the targets weren't aware they were exposed until they got the bad news in report form. That's because the people at X-Force Red put a new spin on sneaking in—something they've dubbed "warshipping."

    Using less than $100 worth of gear—including a Raspberry Pi Zero W, a small battery, and a cellular modem—the X-Force Red team assembled a mobile attack platform that fit neatly within a cardboard spacer dropped into a shipping box or embedded in objects such as a stuffed animal or plaque. At the Black Hat security conference here last week, Ars got a close look at the hardware that has weaponized cardboard.

  • These Legit-Looking iPhone Lightning Cables Will Hijack Your Computer

    It looks like an Apple lightning cable. It works like an Apple lightning cable. But it will give an attacker a way to remotely tap into your computer.

  • Nmap Defcon Release! 80+ improvements include new NSE scripts/libs, new Npcap, etc.

    Nmap 7.80 source code and binary packages for Linux, Windows, and Mac are available for free download from the usual spot: [...]
