Security: PGP & GPG, Flaws, and Nmap 7.80

  • The Impending Demise of “PGP & GPG”

    My No Starch books normally sell out their print run, get reprinted a few times, and fade into Out Of Print status. But PG3 never sold out its initial print run.

  • Down the Rabbit-Hole...

    It took a lot of effort and research to reach the point that I could understand enough of CTF to realize it’s broken. These are the kind of hidden attack surfaces where bugs last for years. It turns out it was possible to reach across sessions and violate NT security boundaries for nearly twenty years, and nobody noticed.

    Now that there is tooling available, it will be harder for these bugs to hide going forward.

  • Flaws in 4G Routers of various vendors put millions of users at risk

    “Those manufacturers who are going to be selling 5G routers are currently selling 3G and 4G routers. Which – and I really cannot stress this enough – are mainly bad.”

  • Hack in the box: Hacking into companies with “warshipping”

    Penetration testers have long gone to great lengths to demonstrate the potential chinks in their clients' networks before less friendly attackers exploit them. But in recent tests by IBM's X-Force Red, the penetration testers never had to leave home to get in the door at targeted sites, and the targets weren't aware they were exposed until they got the bad news in report form. That's because the people at X-Force Red put a new spin on sneaking in—something they've dubbed "warshipping."

    Using less than $100 worth of gear—including a Raspberry Pi Zero W, a small battery, and a cellular modem—the X-Force Red team assembled a mobile attack platform that fit neatly within a cardboard spacer dropped into a shipping box or embedded in objects such as a stuffed animal or plaque. At the Black Hat security conference here last week, Ars got a close look at the hardware that has weaponized cardboard.

  • These Legit-Looking iPhone Lightning Cables Will Hijack Your Computer

    It looks like an Apple lightning cable. It works like an Apple lightning cable. But it will give an attacker a way to remotely tap into your computer.

  • Nmap Defcon Release! 80+ improvements include new NSE scripts/libs, new Npcap, etc.

    Nmap 7.80 source code and binary packages for Linux, Windows, and Mac are available for free download from the usual spot: [...]

More in Tux Machines

A Setback for FOSS in the Public (War) Sector, CONNECT Interoperability Project Shifting to the Private Sector

  • GAO: DoD Not Fully Implementing Open-Source Mandates

    The Department of Defense has not fully implemented mandates from the Office of Management and Budget (OMB) and the 2018 National Defense Authorization Act (NDAA) to increase its use of open-source software and release code, according to a September 10 Government Accountability Office (GAO) report. The report notes that the 2018 NDAA mandated DoD establish a pilot program on open source and a report on the program’s implementation. It also says that OMB’s M-16-21 memorandum requires all agencies to release at least 20 percent of custom-developed code as open-source, with a metric for calculating program performance. However, DoD has released less than 10 percent of its custom code, and had not developed a measure to calculate the performance of the pilot program. In comments to GAO, the DoD CIO’s office said there has been difficulty inventorying all of its custom source code across the department, and disagreement on how to assess the success for a performance measure. While the department worked to partially implement OMB’s policy, the department had not yet issued a policy.

  • Pentagon moves slowly on open-source software mandate amid security concerns

    The Defense Department has been slow to meet a government-wide mandate to release more open-source software code, as DOD officials have concerns about cybersecurity risks and are struggling to implement such a program across the department, according to a new audit.

  • DOD struggles to implement open source software pilots

    The Department of Defense’s congressionally mandated efforts to create an open source software program aren’t going so well. DOD must release at least 20 percent of its custom software as open source through a pilot required by a 2016 Office of Management and Budget directive and the 2018 National Defense Authorization Act. Open source software, OMB says, can encourage collaboration, “reduce costs, streamline development, apply uniform standards, and ensure consistency in creating and delivering information.”

  • DOD drags feet with open-source software program due to security, implementation concerns

    The Defense Department has been slow to meet a government-wide mandate to release more open-source software code, as DOD officials have concerns about cybersecurity risks and are struggling to implement such a program across the department, according to a new audit. Since 2016, DOD has been required by law to implement an open-source software pilot program in accordance with policy established by the Office of Management and Budget.

  • DOD pushes back on open source
  • CONNECT Interoperability Project Shifting to the Private Sector

    The CONNECT project, an open source project that aims to increase interoperability among organizations, is transitioning from federal stewardship to the private sector and will soon be available to everyone. Developed ten years ago by a group of federal agencies in the Federal Health Architecture (FHA), CONNECT was a response to ONC’s original approach to a health information network. The agencies decided to build a joint health interoperability solution instead of having each agency develop its own custom solution, and they chose to make the project open source.

Android Leftovers

Linux VR Headset

Since most VR Headsets support Windows platforms today, there are very few options for Linux users. Despite its support, many people have faced troubles setting up and running their Headsets on Linux. However, not anymore. The VR gaming experience is now getting better! The all-new Xrdesktop is an open-source development that lets you work with various desktop environments like GNOME and KDE. Since this project is under progress right now, we can hope for more features like Steam, Valve and other platforms for gaming and Virtual Reality experience. In addition, the Xrdesktop will also offer integration with Windows as well. Once completed, it will be a great step towards traditional Linux desktop environments. The program is available for installation in both packages for Ubuntu Linux and Arch Linux.

An Easy Fix for a Stupid Mistake

I waited a long time for Mageia 7 and for OpenMandriva Lx 4. When both distros arrived, I was very happy. But new distros bring changes, and sometimes it is not easy to adapt. Mageia 7 has been rock-solid: it is doing a great job in my laptop and both in my daughter's desktop and in mine. There is one thing, though. I have been avoiding a strange mesa update that wants to remove Steam. OpenMandriva is also fantastic, but this new release provided options like rock, release, and rolling. When I first installed the distro, I chose rock because I was shying away from the rolling flavor. Eventually, I had to move to rolling because that was the only way in which I could manage to install Steam in both my laptop and desktop machines.