Security: Defcon, Carbon Black, Open-Source Cyber Fusion Centre, Open Source Security Podcast and Avaya

  • DARPA's $10 million voting machine couldn't be hacked at Defcon (for the wrong reasons)

    For the majority of Defcon, hackers couldn't crack the $10 million secure voting machine prototypes that DARPA had set up at the Voting Village. But it wasn't because of the machine's security features that the team had been working on for four months. The reason: technical difficulties during the machines' setup.

    Eager hackers couldn't find vulnerabilities in the DARPA-funded project during the security conference in Las Vegas because a bug in the machines didn't allow hackers to access their systems over the first two days. (DARPA is the Defense Advanced Research Projects Agency.) Galois brought five machines, and each one had difficulties during the setup, said Joe Kiniry, a principal research scientist at the government contractor.

    "They seemed to have had a myriad of different kinds of problems," the Voting Village's co-founder Harri Hursti said. "Unfortunately, when you're pushing the envelope on technology, these kinds of things happen."

    It wasn't until the Voting Village opened on Sunday morning that hackers could finally get a chance to look for vulnerabilities on the machine. Kiniry said his team was able to solve the problem on three of them and was working to fix the last two before Defcon ended.

  • At hacking conference, Pentagon's transparency highlights voting companies' secrecy

    At the country's biggest election security bonanza, the US government is happy to let hackers try to break into its equipment. The private companies that make the machines America votes on, not so much.

    The Def Con Voting Village, a now-annual event at the US's largest hacking conference, gives hackers free rein to try to break into a wide variety of decommissioned election equipment, some of which is still in use today. As in the previous two years, they found a host of new flaws.

    The hunt for vulnerabilities in US election systems has underscored tensions between the Voting Village organizers, who argue that it's a valuable exercise, and the manufacturers of voting equipment, who didn't have a formal presence at the convention.

  • Carbon Black Open-Source Binary Emulator Eases Malware Analysis

    Carbon Black, the cybersecurity and endpoint protection software provider, has unveiled the Binee open-source binary emulator for real-time malware analysis. The company announced Binee at last week’s DEF CON 27 hacker conference in Las Vegas, Nevada.

    [...]

    Carbon Black also has been gaining momentum with MSPs and MSSPs over the past few months. In fact, Carbon Black recorded revenue of $60.9 million and a net loss of $14.6 million in the second quarter of 2019; both of these figures generally beat Wall Street’s expectations.

  • Concordia receives $560K for a new Open-Source Cyber Fusion Centre

    The call for collaborative projects in the area of information communication technologies led to the genesis of the Open-Source Cyber Fusion Centre, a project that will provide companies with a wide array of tools and methodologies for cybersecurity.

    The project is a joint initiative with Carleton University and two industrial partners, eGloo and AvanTech, all of which have recognized expertise in open-source software application programming interfaces (APIs) and technology stacks.

    [...]

    The Open-Source Cyber Fusion Centre’s ongoing research will help strengthen and democratize the Canadian economy. By mitigating cyberthreats, projects of this kind promote entrepreneurship and help nurture a more diverse economy.

    In addition, the centre provides students with unique opportunities to participate in an ever-changing, complex cybersecurity industry that is becoming increasingly prevalent in Canada.

    SMEs can get in touch with the centre and its partners to receive support on their security operations. They can install advanced technologies in their corporate network as a free service to monitor the security of their operations.

  • Open Source Security Podcast Ep. 151 – The DARPA Cyber Grand Challenge with David Brumley

    Open Source Security Podcast helps listeners better understand security topics of the day. Hosted by Kurt Seifried and Josh Bressers, the pair covers a wide range of topics including IoT, application security, operational security, cloud, devops, and security news of the day.

  • McAfee Discovers Vulnerability in Avaya VoIP Phones

    McAfee researchers have uncovered a remote code execution (RCE) vulnerability in open-source software from a popular line of Avaya VoIP phones.

    McAfee is warning organizations that use Avaya VoIP phones to check that firmware on the devices has been updated. Avaya’s install base covers 90% of the Fortune 100, with products targeting customers from small business and midmarket, to large corporations.

More in Tux Machines

GNU Linux-libre 5.3-gnu

GNU Linux-libre 5.3-gnu sources and tarballs are now available at
<http://www.fsfla.org/selibre/linux-libre/download/releases/5.3-gnu/>.
It didn't require any deblobbing changes since -rc7-gnu, the first
published rc-gnu.  Freesh binaries are already available!, thanks to
Jason Self; others are on the way.


Besides recognizing new false positives (sequences that our blob hunter
would report as suspicious, but that are neither blobs nor requests for
blobs), updating the deblobbing scripts for 5.3 required adjusting
cleaned up drivers for updated blob names, recognizing one new Free
piece of firmware with binary and corresponding sources embedded in the
kernel sources, and disabling blob loading introduced in a few drivers:
QCOM, DRM (HDCP), Allegro-DVT, and Meson-VDEC.

This last one was particularly disappointing: the firmware sources were
supposed to be available from LibreELEC, and though the link to the
alleged sources there is broken, I managed to find the "source" repo
containing them, only to find out the "source" was just a binary blob
encoded in C as an array of char, just like Linux used to do back when I
got involved with Linux-libre.  Oh well...  Request disabled...

If anyone can find Freely-licensed actual source code for that, or for
any other file whose loading we disable, please let us know, so that we
can refrain from disabling its loading.


For up-to-the-minute news, join us on #linux-libre of irc.gnu.org
(Freenode), or follow me (@lxoliva) on Twister <http://twister.net.co/>,
Secure Scuttlebutt, GNU social at social.libreplanet.org, Diaspora* at
pod.libreplanetbr.org or pump.io at identi.ca.  Check my web page (link
in the signature) for direct links.


Be Free! with GNU Linux-libre.

New WireGuard Snapshot Offers Better Compatibility With Distributions/Kernels

WireGuard sadly isn't slated for the now-open Linux 5.4 merge window, but lead developer Jason Donenfeld has put out a new development snapshot of this open-source secure VPN tunnel. Coming barely two weeks since the previous WireGuard snapshot, this newest development release isn't too heavy on the changes but the focus is on better portability/compatibility.

A Simple Review of GNOME 3.34

That's all for now. As always, I love how simple and beautiful the GNOME release announcement was. After testing for 3 days, I immediately like this version more than the previous one for the speed improvement and I hope Ubuntu and other distros adopt it soon. Ah, I forgot, regarding Ubuntu, good news for us: next October's Ubuntu Eoan Ermine will feature 3.34! Regarding GNOME, I don't know if this is coincidence or what, but this year's KDE Plasma is faster and smoother and so is GNOME. I think the next GNOME 3.36 will be faster and better as well. Finally, I would love to say thank you, GNOME developers! You all did well in the last 6 months. What do you think about 3.34? Let me know in the comment section!