Security: PGP & GPG, Flaws, and Nmap 7.80

  • The Impending Demise of “PGP & GPG”

    My No Starch books normally sell out their print run, get reprinted a few times, and fade into Out Of Print status. But PG3 never sold out its initial print run.

  • Down the Rabbit-Hole...

    It took a lot of effort and research to reach the point that I could understand enough of CTF to realize it’s broken. These are the kind of hidden attack surfaces where bugs last for years. It turns out it was possible to reach across sessions and violate NT security boundaries for nearly twenty years, and nobody noticed.

    Now that there is tooling available, it will be harder for these bugs to hide going forward.

  • Flaws in 4G Routers of various vendors put millions of users at risk

    “Those manufacturers who are going to be selling 5G routers are currently selling 3G and 4G routers. Which – and I really cannot stress this enough – are mainly bad.”

  • Hack in the box: Hacking into companies with “warshipping”

    Penetration testers have long gone to great lengths to demonstrate the potential chinks in their clients' networks before less friendly attackers exploit them. But in recent tests by IBM's X-Force Red, the penetration testers never had to leave home to get in the door at targeted sites, and the targets weren't aware they were exposed until they got the bad news in report form. That's because the people at X-Force Red put a new spin on sneaking in—something they've dubbed "warshipping."

    Using less than $100 worth of gear—including a Raspberry Pi Zero W, a small battery, and a cellular modem—the X-Force Red team assembled a mobile attack platform that fit neatly within a cardboard spacer dropped into a shipping box or embedded in objects such as a stuffed animal or plaque. At the Black Hat security conference here last week, Ars got a close look at the hardware that has weaponized cardboard.

  • These Legit-Looking iPhone Lightning Cables Will Hijack Your Computer

    It looks like an Apple lightning cable. It works like an Apple lightning cable. But it will give an attacker a way to remotely tap into your computer.

  • Nmap Defcon Release! 80+ improvements include new NSE scripts/libs, new Npcap, etc.

    Nmap 7.80 source code and binary packages for Linux, Windows, and Mac are available for free download from the usual spot: [...]
