Security Leftovers
-
Secure Socket Layer SSL analysis with sslstrip in Kali Linux 2021
SSL analysis (Secure Socket Layer) is a standard security technology used for establishing an encrypted channel between a server and a client. For example, a web server (website) and a browser; or a mail server and a mail client.
SSL allows sensitive information such as credit card numbers, social security numbers, and login credentials to be transmitted securely. Normally, data sent between browsers and web servers is sent in plain text—leaving you vulnerable to eavesdropping. If an attacker is able to intercept (capture) all data being sent over the internet between a browser and a web server, they can see and use that information. HTTP sends data in plain text over a network. The HTTPS protocol is used for establishing a secure channel between the browser (client) and the web server.
-
This minor Linux bug fix created a much more serious problem [Ed: Notice how media calls GNU just "Linux" as if GNU does not exist or is a sub-project of the kernel]
While studying the patch for a recently fixed vulnerability in the GNU C library (glibc), cybersecurity engineers discovered another issue, which they say affected every Linux distro.
CloudLinux engineer Nikita Popov chanced upon what can essentially be classified as a denial-of-service vulnerability in the upstream glibc. Popov believes the bug, tracked as CVE-2021-38604, can be exploited to cause a segmentation fault, causing an application to crash.
-
Remote code execution flaws lurk in countless routers, IoT gear, cameras using Realtek Wi-Fi module SDKs • The Register
Taiwanese chip designer Realtek has warned of four vulnerabilities in three SDKs accompanying its Wi-Fi modules, which are used in almost 200 products made by more than five dozen vendors.
-
I was offered $500k as a thank-you bounty for pilfering $600m from Poly Network, says crypto-thief • The Register
The mysterious miscreant who exploited a software vulnerability in Poly Network to drain $600m in crypto-assets, claims the Chinese blockchain company offered them $500,000 as a reward for discovering the weakness.
Most of the digital funds have been returned over several transactions. “We appreciate you sharing your experience and believe your action constitutes white hat behaviour ... Since, we believe your action is white hat behaviour, we plan to offer you a $500,000 bug bounty after you complete the refund fully,” the thief wrote in their transaction metadata, seemingly quoting or paraphrasing a message received from Poly Network.