Language Selection

English French German Italian Portuguese Spanish

Security: Scare, Onion and Listening Devices

Filed under
Security
  • Yes, if you install malicious programs, then they will likely do malicious things [Ed: Yes, if you install malicious programs, then they will likely do malicious things]

    The researchers determined that parts of a specific component used by Cobalt in the third stage of an attack are present in PureLocker. It is the JScript loader for the "more_eggs" backdoor, described by security researchers at Morphisec.

    In previous research, IBM X-Force revealed that FIN6, another cybercriminal group targeting financial organizations, also used the "more_eggs" malware kit.

    Most of the code in PureLocker is unique, though. This suggests that the malware is either a new one or an existent threat that has been heavily modified.

  • What is Security Onion? And is it better than a commercial IDS?

    Back in the early oughts, a common complaint about Linux was that while it was free/libre, it came with no support and you had to pay expensive senior sysadmins to run Linux systems. Fast forward to today, and Linux has conquered basically every field except for the desktop market.

    [...]

    Security Onion is looking more and more polished with every year that passes, and it may be worth considering if you've got a deep enough security bench to customize, deploy and maintain Security Onion for your enterprise.

  • Fooling Voice Assistants with Lasers

    Siri, Alexa, and Google Assistant are vulnerable to attacks that use lasers to inject inaudible—and sometimes invisible—commands into the devices and surreptitiously cause them to unlock doors, visit websites, and locate, unlock, and start vehicles, researchers report in a research paper published on Monday. Dubbed Light Commands, the attack works against Facebook Portal and a variety of phones.

    Shining a low-powered laser into these voice-activated systems allows attackers to inject commands of their choice from as far away as 360 feet (110m). Because voice-controlled systems often don’t require users to authenticate themselves, the attack can frequently be carried out without the need of a password or PIN. Even when the systems require authentication for certain actions, it may be feasible to brute force the PIN, since many devices don’t limit the number of guesses a user can make. Among other things, light-based commands can be sent from one building to another and penetrate glass when a vulnerable device is kept near a closed window.

    The attack exploits a vulnerability in microphones that use micro-electro-mechanical systems, or MEMS. The microscopic MEMS components of these microphones unintentionally respond to light as if it were sound. While the researchers tested only Siri, Alexa, Google Assistant, Facebook Portal, and a small number of tablets and phones, the researchers believe all devices that use MEMS microphones are susceptible to Light Commands attacks.

More in Tux Machines

Linux on the MAG1 8.9 inch mini-laptop (Ubuntu and Fedora)

The Magic Ben MAG1 mini-laptop is a 1.5 pound notebook computer that measures about 8.2″ x 5.8″ x 0.7″ and which features an 8.9 inch touchscreen display and an Intel Core m3-8100Y processor. As I noted in my MAG1 review, the little computer also has one of the best keyboards I’ve used on a laptop this small and a tiny, but responsive trackpad below the backlit keyboard. Available from GeekBuying for $630 and up, the MAG1 ships with Windows 10, but it’s also one of the most Linux-friendly mini-laptops I’ve tested to date. [...] I did not install either operating system to local storage, so I cannot comment on sleep, battery life, fingerprint authentication, or other features that you’d only be able to truly test by fully installing Ubuntu, Fedora, or another GNU/Linux-based operating system. But running from a liveUSB is a good way to kick the tires and see if there are any obvious pain points before installing an operating system, and for the most part the two operating systems I tested look good to go. Booting from a flash drive is also pretty easy. Once you’ve prepared a bootable drive using Rufus, UNetbootin, or a similar tool, just plug it into the computer’s USB port, hit the Esc key during startup to bring up the UEFI/SETUP utility. Read more Also: Top 10 technical skills that will get you hired in 2020

Android Leftovers

An Extensive Look At The AMD Naples vs. Rome Power Efficiency / Performance-Per-Watt

Since the AMD EPYC 7002 "Rome" series launch in August we have continue to be captivated by the raw performance of AMD's Zen 2 server processors across many different workloads as covered now in countless articles. The performance-per-dollar / TCO is also extremely competitive against Intel's Xeon Scalable line-up, but how is the power efficiency of these 7nm EPYC processors? We waited to deliver those numbers until having a retail Rome board for carrying out those tests and now after that and then several weeks of benchmarking, here is an extensive exploration of the AMD EPYC 7002 series power efficiency as well as a look at the peak clock frequencies being achieved in various workloads to also provide some performance-per-clock metrics compared to Naples. Read more

Firefox Picture in Picture is Sweet, Here’s How to Use it on Linux

Picture in picture (PIP) is a novel feature that makes it a doddle to watch a video while you’re busy doing something else (like reading blog posts). How? It allows video content to “pop out” of a web page and play in a separate floating window (with mouse-over player controls, where possible). With PIP you no longer need to tear out a browser tab, resize it narrowly, and try and fit it in somewhere on your screen. And Firefox 72, which is currently in beta, supports this handy feature on the Linux desktop. Read more