Language Selection

English French German Italian Portuguese Spanish

Security: Defcon, Carbon Black, Open-Source Cyber Fusion Centre, Open Source Security Podcast and Avaya

Filed under
Security
  • DARPA's $10 million voting machine couldn't be hacked at Defcon (for the wrong reasons)

    For the majority of Defcon, hackers couldn't crack the $10 million secure voting machine prototypes that DARPA had set up at the Voting Village. But it wasn't because of the machine's security features that the team had been working on for four months. The reason: technical difficulties during the machines' setup.

    Eager hackers couldn't find vulnerabilities in the DARPA-funded project during the security conference in Las Vegas because a bug in the machines didn't allow hackers to access their systems over the first two days. (DARPA is the Defense Advanced Research Projects Agency.) Galois brought five machines, and each one had difficulties during the setup, said Joe Kiniry, a principal research scientist at the government contractor.

    "They seemed to have had a myriad of different kinds of problems," the Voting Village's co-founder Harri Hursti said. "Unfortunately, when you're pushing the envelope on technology, these kinds of things happen."

    It wasn't until the Voting Village opened on Sunday morning that hackers could finally get a chance to look for vulnerabilities on the machine. Kiniry said his team was able to solve the problem on three of them and was working to fix the last two before Defcon ended.

  • At hacking conference, Pentagon's transparency highlights voting companies' secrecy

    At the country's biggest election security bonanza, the US government is happy to let hackers try to break into its equipment. The private companies that make the machines America votes on, not so much.

    The Def Con Voting Village, a now-annual event at the US's largest hacking conference, gives hackers free rein to try to break into a wide variety of decommissioned election equipment, some of which is still in use today. As in the previous two years, they found a host of new flaws.
    The hunt for vulnerabilities in US election systems has underscored tensions between the Voting Village organizers, who argue that it's a valuable exercise, and the manufacturers of voting equipment, who didn't have a formal presence at the convention.

  • Carbon Black Open-Source Binary Emulator Eases Malware Analysis

    Carbon Black, the cybersecurity and endpoint protection software provider, has unveiled the Binee open-source binary emulator for real-time malware analysis. The company announced Binee at last week’s DEF CON 27 hacker conference in Las Vegas, Nevada.

    [...]

    Carbon Black also has been gaining momentum with MSPs and MSSPs over the past few months. In fact, Carbon Black recorded revenue of $60.9 million and a net loss of $14.6 million in the second quarter of 2019; both of these figures generally beat Wall Street’s expectations.

  • Concordia receives $560K for a new Open-Source Cyber Fusion Centre

    The call for collaborative projects in the area of information communication technologies led to the genesis of the Open-Source Cyber Fusion Centre, a project that will provide companies with a wide array of tools and methodologies for cybersecurity.

    The project is a joint initiative with Carleton University and two industrial partners, eGloo and AvanTech, all of which have recognized expertise in open-source software application programming interfaces (APIs) and technology stacks.

    [...]

    The Open-Source Cyber Fusion Centre’s ongoing research will help strengthen and democratize the Canadian economy. By mitigating cyberthreats, projects of this kind promote entrepreneurship and help nurture a more diverse economy.

    In addition, the centre provides students with unique opportunities to participate in an ever-changing, complex cybersecurity industry that is becoming increasingly prevalent in Canada.

    SMEs can get in touch with the centre and its partners to receive support on their security operations. They can install advanced technologies in their corporate network as a free service to monitor the security of their operations.

  • Open Source Security Podcast Ep. 151– The DARPA Cyber Grand Challenge with David Brumley

    Open Source Security Podcast helps listeners better understand security topics of the day. Hosted by Kurt Seifried and Josh Bressers, the pair covers a wide range of topics including IoT, application security, operational security, cloud, devops, and security news of the day.

  • McAfee Discovers Vulnerability in Avaya VoIP Phones

    McAfee researchers have uncovered a remote code execution (RCE) vulnerability in open-source software from a popular line of Avaya VoIP phones.

    McAfee is warning organizations that use Avaya VoIP phones to check that firmware on the devices have been updated. Avaya’s install base covers 90% of the Fortune 100, with products targeting customers from small business and midmarket, to large corporations.

More in Tux Machines

6 Best Free and Open Source Linux Anti-Spam Tools

Email is one of the primary communication channels among users. The Radicati Group is an organization which publishes quantitative and qualitative research on business and consumer usage for email, instant messaging, social networking, wireless email, and unified communications. Their research estimates that the total worldwide emails in 2020 is 306 billion. The cost of spam is frightening, estimated to be approximately $50 billion each year. The tide of the daily spam is a continual thorn in the side for both providers and users. Spam is a waste of valuable network bandwidth, disk space and takes up users’ valuable time to declutter their mailboxes. Many spam messages contain URLs to a dubious website or websites, peddling fake pharmaceutical products, replicas, enhancers, or gambling. Alternatively, the URLs may be phishing attacks, for example taking an unwitting victim to a site which seeks to steal private information such as bank account login data. Read more

Stable Kernels: 5.8.11, 5.4.67, 4.19.147, 4.14.199, 4.9.237, and 4.4.237

I'm announcing the release of the 5.8.11 kernel.

All users of the 5.8 kernel series must upgrade.

The updated 5.8.y git tree can be found at:
	git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.8.y
and can be browsed at the normal kernel.org git web browser:
	https://git.kernel.org/?p=linux/kernel/git/stable/linux-s...

thanks,

greg k-h
Read more Also: Linux 5.4.67 Linux 4.19.147 Linux 4.14.199 Linux 4.9.237 Linux 4.4.237

today's howtos

KaOS 2020.09

KaOS is pleased to announce the availability of the September release of a new stable ISO. With almost 60 % percent of the packages updated since the last ISO and the last release being over two months old, a new ISO is more than due. News for KDE Applications 20.08 included Dolphin adding thumbnails for 3D Manufacturing Format (3MF) files, you can also see previews of files and folders on encrypted file systems such as Plasma Vaults now remembers and restores the location you were viewing, as well as the open tabs, and split views you had open when you last closed it.Yakuake now lets you configure all the keyboard shortcuts that come from Konsole and there is a new system tray item that shows you when Yakuake is running. Elisa now lets you display all genres, artists, or albums in the sidebar, below other items. As always with this rolling distribution, you will find the very latest packages for the Plasma Desktop, this includes Frameworks 5.74.0, Plasma 5.19.5 and KDE Applications 20.08.1. All built on Qt 5.15.1. Read more